Kiba, while you are correct that EVERYONE should use 2 factor...this is not why Bitcoinica was hacked.
Bitcoinica was hacked (this time) because they had their mtgox API key on the server which the hacker was able to exploit.
I'm not sure if its possible to do 2 factor with the API.
I am told API key was already revoked. Information seems to be conflicting and confusing.