Same old, same old.
I'm astounded that web services expect me to give them my Google authentication credentials. They're conning us when they claim mere encryption will secure the data.
Incidentally, this emphasizes the stupidity of the "secret security question" fail (see US Bank security shield makes me scream). Not only do they make it easier to hack into user data, they do nothing to protect us from the commonplace insider thefts and other, old, tactics.
Update 9/24/09: When exploring the 5000 post Blogger bug, I found a 2003 post about an "epidemic" of credit card fraud.