I don't think that is a huge issue. The 250m are most likely from people that don't even know that you have to make a transaction to create a public key.
Hell, I didn't know until 7 days ago and I have 6 digits of them...
It is not clear to me (and possibly to others). What is the difference between accounts with pubkey and without? My digits are also worried.
Accounts without a pubkey are only protected by 64 bits. It is a first-used, first-gets basis. Basically, even if you created the account by funding it, if you never associate a pubkey to the acct, ANYBODY who stumbles onto the 64-bit key will control the account with their 256-bit key.
The risk of keys being intercepted online is the usual reason people have for sending funds to an acct, but never using that acct. This backfires. Best to do one transaction. Any transaction, and you get 256-bit protection, which is not projected to be cracked for at least another 8.957 years. Just kidding, 256-bit passwords with high entropy that new clients will enforce (hopefully) will be safe until further notice. It would need some giant breakthroughs in crypto-busting algorithms or hardware (quantum computers from the future) to even have a chance at breaking 256-bit keys. 64-bit keys, not so strong. Dedicated banks of ASICs could probably become a threat in as little as 5 years.
For significant holdings I recommend a fragmented wallet, e.g. 10% in 10 different wallets each with different keys.
James
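The "first used, first gets" rule described in this thread, modelled as an added example that is not from any poster or from the project's code. It assumes the account id is a truncated SHA-256 of the public key; `Ledger`, `spend` and the 16-bit demo width are hypothetical, chosen so the id space is small enough to show what binding a key changes.

```python
import hashlib

ID_BITS = 64  # account id width stated in the thread


def account_id(pubkey: bytes, bits: int = ID_BITS) -> int:
    # Assumption: id = low `bits` bits of SHA-256(pubkey), first 8 bytes.
    digest = hashlib.sha256(pubkey).digest()
    return int.from_bytes(digest[:8], "little") & ((1 << bits) - 1)


class Ledger:
    """Toy ledger: an account binds to the first public key that transacts."""

    def __init__(self, bits: int = ID_BITS):
        self.bits = bits
        self.balance = {}
        self.bound_key = {}

    def fund(self, acct: int, amount: int) -> None:
        # Receiving funds creates the account but binds no key.
        self.balance[acct] = self.balance.get(acct, 0) + amount

    def spend(self, acct: int, pubkey: bytes) -> bool:
        if account_id(pubkey, self.bits) != acct:
            return False
        # First key to transact is recorded; later keys must match it.
        return self.bound_key.setdefault(acct, pubkey) == pubkey

    def protection_bits(self, acct: int) -> int:
        return 256 if acct in self.bound_key else self.bits


def demo(bits: int = 16):
    # Constructed sample keys; 16-bit ids keep the demo fast.
    owner = hashlib.sha256(b"constructed owner secret").digest()
    acct = account_id(owner, bits)
    other = next(k for k in (i.to_bytes(32, "big") for i in range(1 << 22))
                 if k != owner and account_id(k, bits) == acct)

    unbound = Ledger(bits)
    unbound.fund(acct, 100)              # funded, never used
    other_accepted = unbound.spend(acct, other)
    owner_locked_out = not unbound.spend(acct, owner)

    bound = Ledger(bits)
    bound.fund(acct, 100)
    bound.spend(acct, owner)             # one outgoing transaction binds the key
    other_rejected = not bound.spend(acct, other)
    return other_accepted, owner_locked_out, other_rejected
```
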