1st Level Security-SSL or 128 bit secured connection
2nd Level Google account checks for cookie in the sytem of user
3rd Level Google provides a redirection to the entered User information
4th Level Google doesn't use conventional php/aspx/asp coding so impossible to attack using input validation attack!!
It is not an easy task to break this security! But still some people manages to get access to other accounts. The question concerned is How they do it? Many of them just use simple tricks that befool users and then they themself leak out their password. Here are some points you need to take care of, to prevent your Orkut account being hacked!
Phishing Attack is the most popular way of stealing other's password. Popular by the name of fake login (among those who knows it!!) the users land on a page where they are asked for their login information and they enter their username and password thinking it to be a real page but actually it is other way round. It submits all the details entered to the programmer or the coder.
Community Links: Many times you are provided with a link to a community in a scrap. Read the link carefully, It may be something like http://www.okrut.com/Community.aspx?cmm=22910233 OKRUT not ORKUT. Clicking on this link will take you to a fake login page and there you loose up your password.
Orkut New Features: I have come across a page that looks like they are giving the user a choice of selecting new features for orkut with your ID and password, of course!! When user submit the page, there goes his ID and password mailed to the coder.
Java script: You must have seen the circulating scraps that asks you to paste this code in your address bar and see what happens! Well sometimes they also leak out your information. Check the code and if you are unsure of what to do, then I recommend not to use it.
Primary mail address: If by some means a hacker came to know password of your Yahoo mail or Gmail, which users normally keeps as their primary mail address in their Orkut account, then hacker can hack Orkut account by simply using USER ID and clicking on 'forget password'.This way Google will send link to the already hacked primary email id to change the password of the Orkut account. Hence the email hacker will change your Orkut account's password. Hence your Orkut account hacked too.
So a better thing would be to keep a very unknown or useless email id of yours as primary email id so that if the hacker clicks on 'Forgot password' the password changing link goes to an unknown email id i.e. not known to the hacker.
Hence your Orkut account saved.