Tips on never getting caught with your pants down by a 3rd party service:
1. Never ever rely on a service maintained by a 3rd party to remain secure. Just assume they will be compromised in the near future (including your password).
2. Make your password strong but don't reuse it; save it in your browser password cache or keyring. Use a memorized really-freaking-difficult master password for the browser cache/keyring.
3. Use NoScript and updated browsers to help prevent XSS and other simple attacks from compromising your cached cookies.
4. Encrypt all sensitive stored information yourself using a well-vetted tool such as gpg, openssl, etc., and store the encrypted files on the 3rd party service.
5. Keep hard copies of your secure files, keys, etc. in a secure location. 'The Cloud' is not a backup, it's a trap.
A security hole is one thing, but something like being able to log into anyone's account with whatever you'd like as the password? Or changing a digit in a URL and accessing someone else's account? Come on, that's like the guards at Fort Knox leaving all of the doors open directly to the gold, or the Secret Service collectively going out for a smoke break during a presidential parade.
The level of complexity of an attack and the ridiculousness of a hole are almost completely arbitrary in terms of compromising the security of a service. The biggest attacks of the past 6 months were performed either using socially engineered credentials or extremely common web application vulnerabilities (so common that probably every hole used is on OWASP's Top 10 security holes).
The only reason Fort Knox or the Secret Service works is because it relies on humans spending 100% of their time actively focusing on security, 24 hours a day, every day. No web service I have ever heard of has that level of security.
As far as this particular hole: it's probably a bug somebody left in some code by accident and nobody foresaw the consequences. There are bugs like this in every system. The only reason you don't see more of these holes is because either nobody's looking for them or somebody found it and is keeping it very secret.