by gupi 3560 days ago
I would also recommend using two-factor authentication (see services like Duo or Twilio's Authy) along with password-protected keys.
1 comments

Absolutely use 2FA, but it's no guarantee.

With large-scale hacks in mind and apropos of the Yahoo hack, an attacker has minuscule chances of getting into your account, but 500 million accounts / a 6-digit auth code means with a full compromise (i.e., username and plaintext passwords, which the Yahoo compromise was not), the attacker would still get into 5 accounts.

Given how much full email access is "keys to the kingdom" given password resets, that's the (tiniest) bit worrying.