> If I buy some socks on Amazon with my credit card info intended only for buying those socks and a hacker steals this info and then uses it to buy a plasma TV at Best Buy, this exactly meets the definition of double spending, and this is exactly what credit card thieves do (and what you can't do with bitcoins.)

That's not double spending. The same "dollar" isn't being spent twice. Credit card theft basically means using someone else's credentials (in this case, a credit card number) to purchase goods. If you get the private key for someone's wallet, you can do the same thing (although it should, in theory, be much harder to do this since there's never any need to share your private key, unlike with credit card numbers).

Cheers, those are some good points and I am indeed conflating fraud and theft.

So the key point you're making about the Amazon/Target scenario is that a criminal who breaks into one of these systems has the ability to launch transactions on my behalf, which s/he wouldn't be able to do with Bitcoin. Which is fair but not universally true. Some international vendors and cards require you to go through the equivalent of the verified by visa system for all transactions. The way this works is that you give the vendor-site your credit card info, they pass this on to visa/mastercard and redirect you to visa's page where you can (1) see who you are paying and how much and (2) need to type in a password that only you and visa know in order to authorize this transaction. I suspect usability is the only reason this system isn't universally prevalent.

I think the Bitcoin scenario is worth thinking about a little more. Fred Schneider, the Cornell professor, likes to say that you can't reduce the amount of trust a system needs to work, you can only move trust around. What Bitcoin seems to have done here is now instead of trusting Amazon/Target etc. we now trust the applications which announce our transactions to the Bitcoin network. If this application is another website, like Coinbase, I don't think we've made any progress. If it's a local program that runs on your computer, it's not clear to me that is necessarily more secure. But if this is the hypothesis being made - that locally run bitcoin wallets have a reduced attack surface in comparison to the websites that store your credit card information - then I would say this is a hypothesis that is worth investigating. But we do need to acknowledge that we don't have enough data to determine whether this is actually true at this point in time.