Consider using different credit cards for different services. In Hiroshima's case, had he tied Paypal and GoDaddy to different cards, the hacker wouldn't have been able to complete his two-step attack in the manner he did. Some banks will also issue one-time card numbers which you can use, say, when paying for a ten-year domain registration, then burn forever.
You might consider undertaking a faux attack of your own account as a test. Call your providers and see what they'll divulge over the phone. Beg and plead and rely on human nature to cajole them into helping you. If you're not satisfied that they'll stick to their policies and protect your personal information, it's probably time to jump ship.
Sign up for MIS Asia eNewsletters.