The thing that always worries me is this: 2.3.3 is a known quantity and has had several security updates. 2.5 has a lot of new code — what if it has vulns in it? (It almost certainly has, just as 2.3.0 did).
Isn’t No. 1 above the best option — wait a while for the first 2.5.x security update?
BTW Donncha I’d love to hear how you run several sites off one install!