Echo

Quick question: how do you know that his spam bots honor the redirect? If I were the spammer, I’d make my bot ignore any such thing the target server tells me.

The MD5 sums straight from the zip matched, but I replaced anyway. No deal.

The files uploaded to my server match the checksum of those in the WP 1.2.2 zip file. Re-downloading would accomplish nothing.
WP simply generates incorrect RSS.
Yours is validating because you only have a summary in your RSS.

Try to access the CSS file directly. It may have the wrong permissions.