I've been playing MMO's since 1996... in that 12 years I've had exactly zero accounts compromised.

A good friend had his account violated twice in that same time. Both times the issue was that his son had shared the account info. (Of course he had shared the info with his son in the first place.)

A guildy of mine in WoW had his account hacked 5 times just before TBC launched. These were separated out a little bit, but in the end I'm confident that the hackers utilized a brute force attack for the last two. The first one he had shared his password with a malware that had a keylogger built in. The second and third happened and we are fairly certain it was because the malware had rootkitted the machine and kept reinfecting.

The fourth and fifth however we had reformatted his machine, from scratch. Updated anti-virus, malware, anti-spyware software and updated his password to a 10 digit mixed case alpha numeric with symbols password... yet his account got violated twice more (with a full reformat in between).

Blizzard refused to change his account name, which is all thats required for a brute force attack. So he bought a new account, setup a 10+ digit name that looks a lot like a password, setup a 10+ digit password with the same standards mentioned above, and has been secure ever since. I'm not sure if he ever picked up an authenticator.

Really though, for $6 you can't beat an authenticators protection.