It's not paranoia. It's fact. Gold sellers exist on the internet. These people hack accounts and steal gold, credits, etc from MMO accounts then turn around and sell them to other players. Previously they had to rely on keyloggers and clever methods to get login details. Now they only need to skim the forums.
I have an authenticator on my account but I don't 100% trust apple or google not to accidently include a bug or exploit in their OS software, so I don't rely on it's for security. Passwords are easy to overcome. Most people use easy to guess passwords. I'm willing to bet that Password1 is a VERY common SWTOR password.
You do understand that there is security in depth on logins for SWTOR right? That is how the best security works, by depth of layers, not relying on any single layer for protection.
Personally, I think you are being paranoid to the point of silliness.... but giving you the benefit of the doubt....Let's walk down that paranoid pathway..... through the layers (the ones we know of, because I'm positive there are others behind SWTOR that we know nothing about.
1) Let's give a hacker your forum handle as his starting point. Yep, you heard me... hand it to him.
2) dang...he does not have your password and he does not have your email address to associate with it, so he can't go try to phish your password from you via email (I'm not saying you are that gullible, but that is what he would have to do).
3) I'm sure you have a secure password right? Let's give you the benefit of the doubt and say you have a strong password that is unique to this login target. because if you don't well that's on you. How exactly would the hacker who has your handle get a valid password for your login????? Especially since Phillip has clearly stated that SWTOR has anti-brute force hack protocols in place so he can't brute force to get it.
4) Just for the sake of paranoia progression.... lets say he somehow gets it. Whooops.... he tries to log in and gets a prompt asking for your security key. I know I know... he already put two 10 digit random numbers together and came up with an answer of "4" and knew to first to get your security key from god knows where....SINCE HE DID NOT KNOW IN ADVANCE YOU HAD ONE, NOR WHAT TYPE (HARDWARE OR SMARTPHONE).
5) Just for the sake of parnoia progression, lets pretend he got by phishing you for it ('cause that is the only way he gets one that he can firmly identify as yours) Whooops! he did not log in from your known IP address so the login authenticator demands an answer to one of 5 secrect questions. Unless you posted them up on your Facebook, how exactly is the hacker going to get the answers??????
My point? The hurdles that must be successfully traversed for some hacker (ie: a stranger that knows nothing about you) to successfully log in to your account are such that it's at best a billion to one chance he succeeds before flags trigger at Bioware and your account is frozen until you unlock it via an authorized unlock notification.
There are simply easier targets on the internet for hackfesting by the professional hackers then an SWTOR account with a strong password, an active authenticator, and secret questions to overcome the wrong IP address. There are tens of thousands of silly people that practically give their login info away to curious hackers such that they can't be bothered to try to hack the bascially unhackable. They would do much better to try to hack SWTOR.com directly to get your precious login validation data.... and there are no signs that that would be doable, nor would a hacker want to bring that kind of corporate attention to themselves (they like to work quietly, under the radar)
PS: And if you don't trust apple (I don't either by the way, as they are probably less secure then SWTOR.com And are a bigger target), then get yourself a hardware authenticator for $5 and remove all doubt. But even if they hacked Apple and got your authenticator token....how exactly would they tie it back to your forum handle and password to be able to actually make use of it?