Sounds pretty obvious that the guy lost his password if they attached WoW to his account. If it was just this "session ID" mumbo jumbo that you hear, it should have just been Diablo III that was affected as it would only provide access to that character (and the stash of course).
#1 rule of the Internet... don't trust the Internet.
Although, Blizzard's own protection mechanisms can be more annoying than not. I'm going up to Chicago this week, and I guarantee that I'll have to change my password if I log into Diablo III or World of Warcraft. I guess Blizzard's assumption that all gamers are basement dwellers doesn't necessarily pan out at times. :|
It's not as simple as "just losing your pw". My account was just compromised too. In 15 years of being on the internet, I've never once been compromised for any account, whether in gaming, bank accounts, emails, etc.
I built a brand new comp a couple of days ago before release too, and the only applications I downloaded were Chrome, Itunes, Steam, and standard benchmarks from reputable sites. Yes, I'm sure this is somehow my own fault that I got breached, when in fact thousands of others have reported the same issues.
The reality is there is a real security vulnerability in BNET that Blizz refuses to acknowledge, and it's easy to see that it's purely for financial reasons. They're trying to launch the real money auction house where paypal accounts are attached to your Blizz account. How many people would use that if they admitted to a security breach on launch week?