Most of the people who have been hacked have been keylogged at some point in the past and use the same username/password on every site. If you have any kind of smartphone, the mobile authenticator is completely free.
No one's going to be using the RMAH when it comes out. It's way too easy to get gold in this game, and with the number of times the AH fucks up with lost items etc, people are going to avoid it like the plague once it involves actual cash.
In other news, I'm busy smashing my face into Act 2 Inferno.