Regarding the forced PW change. If you've never shared acct info and not done any of those other things like visiting a site that may have put a trojan on your PC for monitoring your traffic and possibly keylogging you then you don't have to worry.
The problem is for the "hackers" this is a business for them, they will purchase lists of accounts found by whatever means necessary from people that make Trojans who specialize in trying to get them onto your PCs. Yes it is all illegal, but that just makes it more profitable. Stolen accounts for any MMO is big business, and lists get sold all the time, RO is certainly one of those targets. I'm changing my PW because it is good operating practice to do so every 3-6 months. It is also wise because most of the time you don't know 100% who may be listening in on the network, who else did stuff to the PC, or what has happened to that friends PC/network whom you let log in your account that one time.. For security it pays to be paranoid. We are trying to tread the line of protecting players and keeping everything playable.
I would also like to extend on this idea, passwords for RO accounts use 23 characters and WP passwords use 25 characters. The longer the password the harder to crack, the more unique the password, the hard it is to crack. What does this mean? It means use symbols, !@#$%^&*(), numbers, 1234567890, and characters both capitalized and lowercase.
http://en.wikipedia....Password_policyNEVER EVER KEEP YOUR PASSWORD LIST ON YOUR COMPUTER.
For me I use a key drive with my list if I forget one that is encrypted so that basically the only this computer plus my own personal 32 alpha-numeric character password will unlock it, I also change these about ever 6 months as well as the key to the lock.
Of course you don't need to go to this extreme, this is because my work PC is my own personal PC so I have to keep safeguards in place.