I wanted to comment on this, because it’s kinda scary: someone’s personal domain was hijacked to get at his twitter account. Ars has a discussion about what happened, and the user himself did basically everything right. It was the employees of various companies (mainly his domain registrar) that facilitated the attack.
I use a personal domain for some of my email, so that hit close to home. My registrar allows me to “lock” my domain settings, basically meaning nobody can change anything until I login and unlock it. Would that have stopped something like this? I hope so. But even the best measures are not always successful at thwarting a determined attacker.
Now I’m going to get on an airplane, have fun contemplating the implications.