Board: Bitcoin Discussion
Re: [Emergency ANN] Bitcoinica site is taken offline for security investigation
by muyuu on 13/05/2012, 18:13:53 UTC
*there's always a possibility that the attacker tampered with the database. But it's nearly impossible to tell which data was tampered with and which wasn't, so either way they're in pretty hot water.

If only database technology was available for financial services where there is the ability to store transactions with auditable history as well as there being an archive log such that recovery to a point in time is possible.  If only such a thing existed ....

From what Zhou posted I assume Bitcoinica was using plain old MySQL, so no luck with this.

EDIT: Unless they have done daily offsite database backups. That would help - you would just compare it to the existing DB to check if it was tampered with.

The requirement to send your personal info to get your wire transfer would cover that.

A hacker who'd tampered with his own position/balance wouldn't send his credentials.

In any case, by the looks of it they are in damage control mode and forced liquidation at market prices seems the least damaging option if putting the site back online is for any reason out of the question.

I took all my coins out shortly after the first fiasco. The more I heard about the decisions behind the system, the more convinced I was it wasn't ready for the kind of "attention" it was bound to bring (*esp. after he decided to make it mandatory to send your real credentials to the site... I wouldn't want them to store my data). This is a clear force majeure case; I'd count my lucky stars with just having a position force-liquidated over just saying goodbye to all my balance, if I were in your position.