"So these reports of a major security hole in iTunes, one through which people have had their PayPal accounts drained?"
Um, no. A few instances of gullible users falling for a phishing scheme does not mean that the iTunes Store has (unreported) vulnerabilities. It doesn't matter where the 'news' comes from, users have been, are, and will continue to be hoodwinked into giving up their: bank account information, their userid and password, the paypal account information, [fill in the blank here]. Now in addition to banks and credit card companies being 'attacked,' PayPal and iTunes are now considered big enough to challenge. No big surprise here. As we've seen lately, the press seems to take perverse pleasure in pointing the finger at Apple, for anything that happens. A bit of schadenfreude in reporting?