Seems to me that I've read more "I got hacked" posts, comments, news articles ever since Blizz moved to the bnet account setup for all their games instead of WoW having it's own login info. Which to me seems like it adds a lot more value to getting your hands on someone's bnet info. And seems to add more vulnerabilities to their system because if you can break into one part of it that has access to the account information, you have access to them all.
I still suspect that Blizzard has been compromised (at least once) and never made it public. Obviously people who actively play WoW will notice that their account has been hacked, but there are people who haven't played in many months/years who were hacked AND reactivated (probably with stolen CC or game card).
And this new policy seems exploitable... have a secondary account that gets compromised a little too often...and you've got yourself some free stuff for your naked chars time. Because if they aren't looking it up to actually see if you've LOST stuff....to save workload of course. Plus if they were looking up your old info to see that you lost stuff, then.....seems like it wouldn't be much more to just restore you right then and there.