CNET reports that Elcomsoft has updated their distributed password cracking tool to attack iWork document passwords.
There is no technical problem with how Apple encrypts the documents, rather this is a brute force method that can test a huge number of passwords in a relatively short amount of time.
ElcomSoft assumes that because iWork is a commercial product, consumers will likely use passwords that are easier to figure out, such as those that use names and dictionary terms.
The moral of the story here is to always use a non-dictionary password, preferably mixed-case, using numbers and symbols. I suggest using a tool like LastPass or 1Password to create, and store, secure passwords.