Internet Security

I was talking to a friend about internet security stuff on sites like Facebook, Classmates (which sucks, can't do much of anything without paying), MySpace, etc. - information goldmine for identity theft... I should remove a lot of my work stuff from LinkedIn for the same reason, but I find the functionality handy. One thing I always do is give a fake birthday and never info on my family.... I just think of those "security questions" the bank asks when I call to do telephone banking - along with address and stuff that anyone can get, they ask your birthday and mother's maiden name, etc...
Another theory, I know many people who use the same username and password for different sites: I wonder if some of these sites ever run scripts to see if their client's usernames and passwords work on Google, Yahoo, Hotmail, etc.
I've already had a bad spam experience that I am positive was triggered by an ecard (so I don't accept those any more...). One of the types of spam I received was ads to buy CDs full of "guaranteed valid" email addresses for mass marketing. Got me thinking - how do they know the email addresses are valid? Well, at some point you must have responded to one of their emails - which would include following the "remove" instructions on spam and also answering ecards from non-reputable sites (in the ecard case they get 2 email addresses for the price of one...). Spam is the #1 reason that I use Yahoo for my email, their spam filters are fabulous...