I don't have any data at hand, but I am pretty sure the clustering hypothesis is true. My best guess is the following two cases, occurring more or less frequently:
- a piece of code or algorithm is complex (maybe the implementation is more complex than necessary) and the original programmer did not fully understand what their code might do because of the complexity.
- the code was not tested well
And - of course - a combination of both. Testing is hard, but testing complex code is much harder by an order of magnitude. And with increasing complexity, especially when code is not well tested, the number of potential bugs in a piece of code increases disproportionately.
So if you find several bugs in a given piece of code, it is most probably a badly tested, complex piece of code, which gives you a high chance to find more of them in the same area.
Addendum: two years after this question was asked, this study appeared:
Empirical Study on the Distribution of Bugs in Software Systems
Unfortunately, it is behind a paywall. Its abstract tells us the authors analysed several open source projects and could find statistical evidence for the Double Pareto distribution (hence bug clustering) as a suitable model for bug distribution in software systems.