Use very strong passwords anywhere where money is involved online, and DON'T use the same password at multiple sites.
Agreed, so many people underestimate the power of the password. To make one really secure, use special characters like #, !, &... that makes it real hard to crack. Also use upper/lowercase and alpha/numeric.
While I wholeheartedly agree that a strong password is a must, don't stop there. Ensure you take other security measures on your system as well: up-to-date antivirus, scan PCs for malware/spyware, patch your systems. And if you have questionable browsing habits, then make sure you use a different system (if available) for that.
I'm sorry for your loss, hopefully there is some recourse with the vendor.
I know how you must be feeling to have something taken from you. I once had my poker account broken into and they used up all my funds; while not to your amount, I still felt violated.