BTC-e uses email-based 2FA (withdrawal confirmation link) to avoid such thefts. Why this option is not available in Mt.Gox? Even Slush's pool asks for email confirmation when you change your payment address. I think email-based 2FA for withdrawals should be the necessary minimum for exchanges.
At least MtGox should ask for confirmation for suspicious transfers, like when the IP is from a different country/continent as usual.
I was logged in to MtGox from an IP from Germany (as I always do), at the same time someone else with an IP from the UK logged in and stole my Bitcoins.
I mean, hello? I am no Photon. I can't be at two places at the same time. At least MtGox should prevent those obvious inconsistencies from happening.
They are the biggest Bitcoin exchange - and their website technology looks like from the 1990s.
You can log in your account from a VPS or whatever, does not mean anything.
If you wanted a secure way of payment, you would use euros, or usd.
You can't do shit now, your bitcoins are lost forever and there is no way you will have they back.
I could say "sorry for your loss" but that would be hypocrite.