A little paranoia isn't a bad thing. About a year ago, I was updating a website over what I thought was a secure FTP connection. Turns out it wasn't--my bad for clicking the wrong box. Within 24 hours, every page of our site was littered with reams of text advertising black market pharma, as was the subdomain on the same account/server. The break in occurred overnight, from an IP in Ukraine.

And where was I during my update? In a Delta Skyclub--the only connection I'd made to the server from outside the office in six months.

Doesn't take much to get my attention--better to be overly cautious than under-informed.

Thanks to everyone here who so kindly cleared things up with answers.