People can keylog, sentry config, mba, crack, bruteforce accounts.
You can get a phrase/number generator. Build a sentry config which is basically just a login screen attached to the game server, run the phrase generator to generate a username/password list, and attach it to a cracking program. VOILA, you are now cracking accounts. So yes, they should attach some sort of pin to our accounts for the ones that want the extra security or even something like an authentication to make sure all logins are legit.