It bugs me how full of holes SE's account security checks are. A few simple functions would prevent lots of accounts from being hacked/compromised. I doubt it would be too difficult to implement something along the lines of:
Any changes to your billing/payment information would require other personal information such as your previous credit card number before it can be confirmed, which any hacker/jerk with your account info would most likely (should) not have.
Account lockdowns whenever the account is being accessed from a foreign IP address, with the original owner contacted via email or phone call to confirm its status to unlock it again.