it is possible for somebody to see an acct published here, look it up in the blockchain website, see that it is worth cracking and then using a tweaked vanitygen to bruteforce search for passwords that match your acct number.
actually this time he got robbed from 1 vanity address and 2 non vanity addresses, right?
Not sure about the 2 smaller accts.