Interesting, when mine got pwnd, one of the charges was from Florida as well. Wonder if there's a connection?

Here's my guess as to how it happened: I frequently give my credit card to restaurant employees without a second thought. I trust them to use it to just pay for my meal, and not steal its data and offer it up for sale on an IRC channel. Clearly this trust is misplaced.

Another possibility is that some credit card receipt printers won't "X" out the full credit card number, and someone dumpster-dived. Another possibility is that someone got the number from an old-style carbon receipt (once in a blue moon I make purchases that involve those kinds of receipts).

In any case, the convenience of being able to pay via those methods, combined with the swift and painless way that the banks will correct these kinds of things, makes it worth it for me to continue my purchasing habits unchanged, even though I know I'm gonna get pwnd again.