Dare Obasanjo links to an account of the "hacking" of Sarah Palin's Yahoo email account - which wasn't so much "hacking" as using the easily available net information that's lying around and then claiming to be Ms. Palin, and to have forgotten the password:

The fundamental flaw of pretty much every password recovery feature I've found online is that what they consider "secret" information actually isn't thanks to social networking, blogs and even Wikipedia. Yahoo! Mail password recovery relies on asking you your date of birth, zip code and country of residence as a proof of identity. Considering that this is the kind of information that is on the average Facebook profile or MySpace page, it seems ludicrous that this is all that stops someone from stealing your identity online.

I hadn't given this much thought, but he's dead on. Scary stuff, and too easy.