Well to be fair, I'm sort of to blame for some of this. I should have hovered over the link in the email and showed people. As far as the passwords being stolen, people thought it was a Phishing scam where it sends you to a fake EA/Origin log in page. Because in order to sign up for this, it requires you to log on to your origin account. But if someone was phishing, they could make a mirrored/fake EA site to log in (and that's how they would get the password).
That said, in a case like that, the URL would be fake once you got into the log in area. But to clarify, that is what people were thinking (not their password was stolen by simply clicking a link). But can't disagree with your post.