The Anatomy Of The Twitter Attack. Long-winded explanation of the recent Twitter break-in, but you can scroll to the bottom for a numbered list summary. The attacker first broke into a Twitter employee’s personal Gmail account by “recovering” it against an expired Hotmail account (which the attacker could hence register themselves). They gained access to more passwords by searching for e-mails from badly implemented sites that send you your password in the clear.
Any suggestions on how this can be improved?
I posted two security requests to the Gmail discussions; an option for disabling the security question and a deactivated secondary mail detection system (is this even possible?) or an expired mail registry.
Gmail just asked me to confirm my secondary mail:
Hey, this is important: If you ever lose access to your account, you can send password reset info to [secondary mail].
This address is correct | Update this address
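One way a mail provider could implement the mitigation asked about above (treat a recovery address as untrusted until the signed-in user has reconfirmed it recently, and never let a security question stand in for it), as an added example in Python that is not from the post or from Gmail; the policy numbers and sample accounts are assumptions:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Assumed policy numbers (not from the post): a recovery address must be
# reconfirmed within this many days to be trusted for password resets.
RECOVERY_REVERIFY_DAYS = 90
WARN_BEFORE_DAYS = 14  # show the "is this address correct?" prompt this early

@dataclass
class Account:
    email: str
    recovery_email: Optional[str]
    recovery_verified_at: Optional[datetime]  # last time the user confirmed it

def recovery_address_is_stale(acct: Account, now: datetime) -> bool:
    """An address never confirmed, or not confirmed within the window, is
    untrusted: the mailbox may have expired and been re-registered by someone
    else, which is exactly how the expired Hotmail address was abused."""
    if acct.recovery_email is None or acct.recovery_verified_at is None:
        return True
    return now - acct.recovery_verified_at > timedelta(days=RECOVERY_REVERIFY_DAYS)

def reconfirmation_prompt_due(acct: Account, now: datetime) -> bool:
    """True when a signed-in user should see the Gmail-style prompt
    ('This address is correct | Update this address') because the
    confirmation window is about to lapse or already has."""
    if acct.recovery_email is None or acct.recovery_verified_at is None:
        return True
    age = now - acct.recovery_verified_at
    return age > timedelta(days=RECOVERY_REVERIFY_DAYS - WARN_BEFORE_DAYS)

def decide_reset_request(acct: Account, now: datetime) -> Tuple[bool, str]:
    """Reset policy: a reset link goes only to a recently confirmed recovery
    address; a security question alone never substitutes for it."""
    if recovery_address_is_stale(acct, now):
        return False, ("recovery address unconfirmed or stale: refuse reset, "
                       "ask the user to reconfirm from a signed-in session")
    return True, f"send reset link to {acct.recovery_email}"

# Constructed sample accounts, not real users.
NOW = datetime(2009, 7, 20, tzinfo=timezone.utc)
FRESH = Account("alice@example.com", "alice@example.net", NOW - timedelta(days=10))
NEAR = Account("dave@example.com", "dave@example.net", NOW - timedelta(days=80))
STALE = Account("bob@example.com", "bob-old@example.org", NOW - timedelta(days=400))
NEVER = Account("carol@example.com", "carol@example.org", None)

if __name__ == "__main__":
    for acct in (FRESH, NEAR, STALE, NEVER):
        print(acct.email, reconfirmation_prompt_due(acct, NOW), decide_reset_request(acct, NOW))
```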