If you lock the e-mail in the settings of scrypt.cc, a scammer/hacker/phisher/whatever would need to have access to both your account AND your e-mail, and know or bruteforce your PIN, before they could withdraw your money. Did all people that got their money stolen have their e-mail locked in the settings?
Good point, I have the email lock option enabled. You can only change this with a support ticket once enabled.
I can't understand how accounts are getting hacked so easily, what sort of passwords are you using?
Have you done scans on your PC for malware/Trojans etc?
Are you using the same password for a whole host of other sites?