Yes, this happened to me a couple months ago, and I thought my Gmail password was pretty good. I've made it better, but anyway, here's what I learned from the Chinese hack:
1. I knew it happened well before Google notified me. People were emailing me that they were receiving payload-laden emails from my account SEVERAL HOURS BEFORE the Google notification banner appeared on my email account telling me the Chinese had hacked my account.
2. I'm fairly certain it was entirely due to POP3 access to my Gmail account. By default this is enabled. I didn't use POP3 access, so I've since disabled POP3 on my Gmail. Everybody!!!! DISABLE POP3 ON YOUR GMAIL NOW.
3. I know they got my entire contact list, and I'm assuming they got that via downloading all my old emails. Some of my old emails were password confirmation emails. So if they wanted to datamine the stuff they downloaded, they might have the passwords to some of my favorite user forums. So I changed those too. Everybody!!! DELETE ALL OLD EMAILS THAT CONTAIN PASSWORDS.
4. I changed all of my passwords on the important web sites and things like Amazon, or the logins that I use to access FTP to web sites, that sort of thing. I deliberately left my Facebook password to be my old password, as a honeypot. If my Facebook gets hacked, I know they're data mining for passwords.