As far as I've heard the authenticator device is in fact pretty craptastical as this story points out; if its that simple to have the device disassociated with an account then it might as well be magic server dust. Accounts being hijacked in WoW is actually quite common, the forums used to average a high number of posts from hijacked accounts attempting to trick people into going to sites that installed software that would in turn compromise their systems. Oddly enough by applying a little common sense my account has never been hijacked ever, so maybe it just speaks volumes of the retardation of some people that account hacking is so prevalent in the game?