I love the idea of PIN numbers to help prevent things stolen from the account.
I suggest 3 non-invasive PIN's thus:
Every time you log in from an unknown IP address, you will be prompted for one PIN number as soon as you enter the homepage. If it is incorrect 3 times in a row, the session ends and that IP address is recorded, auto-reported, and banned from that account. There could be an option to restore that IP address, but the person would have to go through a moderator or answer a security question, reconfirm email, or some other such.
The two other, completely different PIN's would be for the Inventory and Gold, respectively. Same deal. New IP address, enter the PIN, or else.
Also, to keep people from forgetting their PIN's, you'd have to enter them every two weeks or every month or something.
Security without hassle. biggrin
I dunno, maybe 3 PIN's is too much? Or maybe they could all be optional. *nodnod*