A couple of points based on skimming the thread.
1) Choose a password with a sprinkling of capitals, vowels replaced with numbers, a space or two, and some special characters. Even better, choose the base word from the initial letters of a sentence - favourite song lyrics or the like. Password cracking is fairly straightforward if time consuming, and
using the latter strategy avoids dictionary-based attacks. (Check
http://sites.google.com/site/reusabl...Defcon09v2.pdf - slide deck from Defcon) which is quite geeky but interesting.
2) Facebook is sort of ok, it's the apps bolted on which I have a problem with. First because they're third-party and secondly because of the sort of things they do. Choose with care, and avoid quizzes like "What's your first pet's name" and "mother's maiden name" - the sort of things you might have seen before as security questions for bank logins, that type of thing.
3) Tw it ter - insecure due to the use of URL shortening, plus maddeningly "cool" - it's all bollox to me
4) Some of the more exotic web-based attacks require nothing more than visiting a hacked web site which has had references to dodgy web sites installed. Use Firefox, "NoScript" and "FlashBlock" and know how to interpret what they're saying. Also, close ANY browser, then log in to online banking sites, do your business then log off. Stored credentials can cross tabs/browser windows to effect an attack even if the banking site is secure.