So true. Speculation in the original comment thread (http://news.ycombinator.com/item?id=4337938) included MITM attacks, keyloggers, sleeper programs left over from an earlier (known) breakin, brute force, etc.
Most of the ideas batted around were technical in nature and somewhat advanced.
And also easy to forget that the level of verification required by most alternative authentication schemes is significantly weaker than the original login mechanism.
Most of the ideas batted around were technical in nature and somewhat advanced.