You should definitely start changing your passwords though, because the wallet changes were confirmed via email, meaning the person has/had access to your email. The wallet was not locked.
I'm interested to know why BTC Guild doesn't have the option for 2-factor authentication, most other pools do (and yes, my wallet is locked!).
Mostly because 2FA is such a major pain in the ass when it comes to support. People lose their phones. A lot. They also brick them a lot in the Bitcoin community. BTC Guild *does* have 2FA in the form of email confirmation for account changes if you have an email set. You can also add 2FA to some email services, adding yet another layer of security on top of the general confirmation. It's not as full proof as a OTP style authenticator, but there's also a huge number of sites with 2FA that will actually remove it with enough bitching at support.
BTC Guild offers a much stronger protection: Wallet locking. Lock the wallet and your account is secure unless somebody actually obtains your wallet's private keys. If you lose your wallet's keys, you have bigger problems than losing the ability to use your BTC Guild account. If you lose your phone, you only lose the current balance in your account due to lack of 2FA (assuming no exceptions are ever made). If you lose your private keys, you've lost whatever is in your account plus whatever was withdrawn but not spent.