sooo this is a rather bizarre situation that can't really be explained any other way than that blizzard has a vulnerability in their servers. Now I'm not a doom sayer, I know how authentication systems and servers work and I have a pretty good handle on how blizzard operates, so I can prove that there was no vulnerability on my end and that they were somehow able to access my account AFTER blizz had already locked it, without resetting the password.
to start of, heres the inbox I just logged into
notice how all the transactions take place after my account has been locked. also notice that I never got the email you usually get After you reset your password (pat on the back and how to avoid getting hacked in the future).
now I know your going to say "well then they hacked your email you noob, GASH".. well gmail has this handy feature that tells you who has accessed your email and from where, it also provides a pretty little map off to the side that points to the city you live in.... this is mine
as you can see all those access are mine, none of which took place between the account being locked and the transactions on my account.
the only conclusion is that blizzard has a major flaw in the security (or google does, but i trust google more).
/tinfoil hat boys
edit: for clearification because apparently I didn't make it clear. I doubt someone has direct access to blizzards servers or anything like a mass hack coming, but I believe their is an exploit in the authentication system that allowed someone to login both the battle.net website and my account while my account was locked (and yes I had SMS protect).