I agree. If it's a random attack, then the probability is relatively low to get attacked. But if you're targeted, quite frankly it's probably very easy to attack you, either virtually or physically.
One thing I do know, though, is that like you said, security is likely going to get tightened across the board, and that means that it's going to get a lot more inconvenient for all of us. I guess that's a good thing, but it will definitely impact the usability of these services.
If it means that all vendors will tie their services to a two-factor authentication scheme linked to our phone, well that might just stop me from using the services altogether.
I think the services can be improved without becoming too annoying. Someone in this thread suggested a 24 hour delay, which seems reasonable. You could also send a "last call" email and text message to make sure the right user is the one that has requested the password change. Apple could easily separate Find my Mac from "wiping", or add a second password for that.
None of these will be 100% effective, but it will make things more difficult for attackers and not too uncomfortable for users.
One thing I do know, though, is that like you said, security is likely going to get tightened across the board, and that means that it's going to get a lot more inconvenient for all of us. I guess that's a good thing, but it will definitely impact the usability of these services.
If it means that all vendors will tie their services to a two-factor authentication scheme linked to our phone, well that might just stop me from using the services altogether.