The C script is returning vulnerable on both my local machine (precise) and my vps (Ubuntu 11.10).

However tests of trying to brute force the root password using the mysql one liners in this thread have failed every time.

Both machines allow local access only so I assume I'm safe.

Yep, if you're blocking remote hosts to authenticate on 3306 (or any other port you're running mysqld on) you're safe. The attacking host can't authenticate itself, so it's unable to exploit this bug.