I'm also extremely suspicious of the "seen my friends with authenticators get hacked" part of all that.

There was that man-in-the-middle virus attack a while back that allowed circumvention, but to the best of my knowledge, the account thieves haven't gotten around them in any meaningful or useful way. The virus required that you and the hacker be sitting at your computers at the same time, and that you enter 3 codes quickly enough for them to remove the authenticator. (Which means they had to recieve and use the codes in the 10 or 15 second window that the codes are good for.) All in all, not a particularly reliable or productive way for the gold farmers to make some money.

Knowing a little about computers and security, I can tell you: a unique-keyed, time dependant, generated code is probably one of the most secure set-ups you can have for something like this. If you really have multiple friends with authenticators that have been hacked, that's a pretty big news story, and you should forward the proof to WoW Insider; I imagine they'd love to run that.