I feel like those things can happen to anyone if you aren't careful. I agree it was the fault of that Apple rep who didn't ask any security questions before resetting the password. But, generally when I've called, they ask you. But, it appears even if they did, it wasn't going to be enough. I feel they do need to beef up their security measures.
That being said, I highly recommend using 1password
for the mac, windows, iOS, or android devices. It's a great app that works well, and allows you to easily deal with good and unique passwords for every site. Not that it would necessarily have helped in this case.