Ok, I found the pharma references. There were two fake jpg images in my images folder, both of them containing text. The first has portions of my site, links to my shop, etc. The second has all the pharma terms.

The files were named umenu2.jpg and mailto1.jpg

The compromised files were all dated May 28 2011.

I'm not sure what the purpose of these files were since their contents weren't visible to normal visitors. I continued to visit the site regularly during the affected week and no one reported seeing anything strange. Google claims the content was exposed to its search engines (only?)