iCloud is awesome, if you know your friends DOB, email address and the last 4 digits on their cc you could get access to EVERYTHING 
Many other services are also suspectible to similar kinds of attacks. But don't let that stop the hate!
The problem you mentioned is due to Paypal and Amazon revealing sensitive information that happens to be used for verification on Apple side. In fact they first hacked the Amazon site before they gained access to the Apple ID. Knowing an e-mail address is however not enough. I for example have multiple e-mail accounts, one of which is used for my apple account (and it's not the .me address either). Only if the user had used a very obvious account (the .me account or his daily e-mail account) can the hacker collect enough information for attack.
Even if you had e-mail correspondence with me all day you still wouldn't be able to figure out what my apple account uses for registering.
