i think what we need to focus on here is what blizzard has said in there blue post response.
I know there are users on this very forum that suggest they had a token on there account before it was hacked. I'm not sure what to believe other then my own XP on this. On one hand we have people saying "I had an authenticator and was hacked", and the other is saying "we have yet to investigate a compromise report in which an authenticator was attached beforehand". I personally have had an authenticator on my account since they came out with them and have had NO issues with my account. Been playing wow for 4 years, starcraft since it came out (2 years?) and now diablo.
Quite honestly, probably neither party is completely honest in this respect. There probably are people who say they have an authenticator and do not, or people who have an authenticator, yet their PC's are comprimised.
At the same time, it's not in Blizzard's interest to admit fault if there is a problem with how their security is set up. An admission of fault would cause a massive loss in trust, and cause who knows how much havoc.