The most serious danger to your account is that someone can guess your password. As such, it is your responsibility to choose a password that is hard to guess.
The game uses a simple system to make sure nobody can brute-force your password, that means guessing until he finds it. The game logs the number of failed attempts on your account. If there are 10 failed attempts, the game will automatically change your password to a random value and send you an e-mail with the new password.
Just to make brute-forcing more difficult, it will also wait longer and longer with telling the attacker that his login attempt failed, so his guessing attempts are artificially slowed down.
If you get an e-mail saying someone has requested a password change, and you didn't, then there is no need to panic. After all, you got the mail, not the other guy, right?
A good way of ensuring password security is using a password that is very difficult to guess, it is ill advised to use passwords such as a birth date, a real name, or names of loved ones. A secure password will use a mixture of upper case and lowercase letters as well as numerical and special characters i.e. (!, #, %, &, @)
As you can see above the sheer difference between a good password and bad password, hackers or wannabe hackers will often employ methods or programs to guesstimates your password, don't make it easy for them. And to note Tom or another battlemaster developer will never ever ask for your password if someone does ask for your password claiming to be a developer or Tom simply report the matter directly to Tom on the forums or to a Magistrate. As the first sentence states, security of your account is mainly your responsibility.