Further Comments
Wed Nov 14 2001

Ravyn raises an interesting point that I thought it would be worthwhile echoing for everyone to understand.

If you are particular about the security of your diary (and indeed ANY system that you use) then you should be careful with your password. The following guidelines will help you a lot:

1. Never use the same password on more than one system. We're all guilty of having "standard" passwords that we reuse, but this means that if someone breaks into your Hotmail account (or any other; I don't single Hotmail out for any particular reason other than that they are a public online system!) they have access to everything you do online. Keep your passwords in a notebook you keep on your person if you can't remember them all, but don't use poor memory as a reason to use the same password everywhere. Also remember that not all systems store passwords in an encrypted form: any system that can tell you or email you your password is storing them in a readable format, so if anyone were to hack that system they could just read a bunch of passwords, once they found them on the machine of course. I'll add that Dear Diary does NOT store passwords in plain readable format; they are one-way encrypted, and hence if you lose your password the only thing we can do is reset it.
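The difference between the two kinds of system in point 1 is easiest to see side by side. The example below is added here and is not Dear Diary's code or Matt's; it uses PBKDF2-HMAC-SHA256 with a random salt as a stand-in for whatever one-way function the site used, and the two user tables and all usernames are constructed for the example.

```python
import hashlib
import hmac
import os

# Two hypothetical user stores for this example (constructed, not Dear Diary's code).
READABLE_USERS = {}   # the kind of system that can email you your password
HASHED_USERS = {}     # the kind of system that can only reset it


def readable_register(username, password):
    """Store the password as typed. Anyone who reads this table has every password."""
    READABLE_USERS[username] = {"password": password}


def readable_remind(username):
    """What a 'send me my password' feature can do, because the secret is right there."""
    return READABLE_USERS[username]["password"]


def hash_password(password, salt=None, iterations=100_000):
    """One-way transform: a random salt plus PBKDF2-HMAC-SHA256 over the password."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def hashed_register(username, password):
    """Keep only the salt, the iteration count and the digest; the password is discarded."""
    HASHED_USERS[username] = hash_password(password)


def hashed_verify(username, password):
    """Recompute the digest from the candidate password and compare in constant time."""
    record = HASHED_USERS.get(username)
    if record is None:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(candidate.hex(), record["hash"])


def hashed_remind(username):
    """There is nothing to send back: the stored record cannot be turned into the password."""
    return None


def hashed_reset(username, new_password):
    """The only recovery path for a hashed store: replace the record with a fresh one."""
    if username not in HASHED_USERS:
        return False
    HASHED_USERS[username] = hash_password(new_password)
    return True


def record_exposes(username, password):
    """True if simply reading the stored record reveals the password itself."""
    record = HASHED_USERS[username]
    return password in record.values()
```

Because every record carries its own random salt, two users who pick the same password get different digests, so someone who reads the table cannot even tell that they share one. The cost of the one-way function (the iteration count here) is what slows down anyone who does steal the table and tries the word-list attack from point 3 against it offline.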

2. Use combinations of numbers and upper and lower case letters. Your password on Dear Diary is case sensitive so take advantage of it. If your password is 'fish' then try something like "f1Sh" - that's "eff, one, capital-ess, aitch".

3. Never use real words or names as your password. As Rayne says, passwords can be brute-forced. The first method uses the spell-check word database that most Unix boxes come with, and which is now available from a wide range of other sources. The crackers simply try to log in over and over using a username and each and every word from that database. So if your password was "fish" they'd find it fairly quickly; if it was "f1Sh" they wouldn't find it from the spell-check database at all.

The second method of brute forcing is more involved and is often a second wave of attack for those who are desperate to get access to an account. This involves trying every combination of letters and numbers: for example, they'll try "a" through "z" first, then "aa" through "az", "ba" through "bz" and so on to "zz", next "aaa" and onwards until they find it or give up. Of course, this method is extremely time consuming, but some people will just set it running overnight and see what it's got done by the morning.

You can make life harder for the second method of attack by using more characters in your password. There are 11881376 combinations of 5 letter passwords, assuming all lower case and no numbers; add in upper case and numbers and you get 916132832 combinations. Go for an eight character password with upper, lower and numeric and suddenly your attacker has 218340105584896 possible combinations to investigate! That means a worst case of around 7000 years to find your password, assuming they can get around 1000 validated per SECOND, which is highly unlikely given that each attempt will have to be made across the Internet connection.
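The arithmetic in the paragraph above, and the word-list check from point 3, can be turned into a small policy checker a site could run when a password is chosen. This is an added example, not code from the post or from Dear Diary; the word list is a constructed handful of entries standing in for the spell-check database, the 1000 guesses per second default is the figure quoted above, and the "acceptable" threshold (eight characters drawn from upper, lower and digits) is simply the recommendation in the text expressed as a rule.

```python
import string

# Constructed stand-in for the spell-check word list the post describes
# (a handful of entries; a real list has tens of thousands).
WORDLIST = {"fish", "apple", "diary", "matthew", "password", "secret", "london"}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(length, alphabet_size):
    """Number of distinct passwords of exactly this length over this alphabet."""
    return alphabet_size ** length


def worst_case_years(combinations, guesses_per_second=1000):
    """Time to exhaust the whole space at a fixed guess rate (the post's 1000/sec)."""
    return combinations / guesses_per_second / SECONDS_PER_YEAR


def alphabet_size(password):
    """Smallest character set an exhaustive search must cover to reach this password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size


def in_dictionary(password):
    """The first attack in the post: does the password match a word-list entry outright?"""
    return password.lower() in WORDLIST


def assess(password, guesses_per_second=1000):
    """Classify a candidate password the way a defender's sign-up policy would."""
    if in_dictionary(password):
        # A word-list attack only has to try the list, not the whole keyspace.
        return {"verdict": "dictionary word", "combinations": len(WORDLIST),
                "years": worst_case_years(len(WORDLIST), guesses_per_second)}
    combos = keyspace(len(password), alphabet_size(password))
    years = worst_case_years(combos, guesses_per_second)
    verdict = "acceptable" if len(password) >= 8 and alphabet_size(password) >= 62 else "weak"
    return {"verdict": verdict, "combinations": combos, "years": years}


if __name__ == "__main__":
    for candidate in ("fish", "f1Sh", "m4ttD1ary"):
        print(candidate, assess(candidate))
```

Two caveats worth keeping in mind when reading the numbers. The 1000-per-second rate only applies while guesses have to go through the site's login form; if the password table itself leaks from a system that stores passwords readably (point 1), no guessing is needed at all, and even a leaked hashed table can be attacked far faster offline, which is why the one-way function has to be slow. And the plain word-list check here is the 2001-style one the post describes; a "not in dictionary" verdict is necessary, not sufficient, because real word lists also carry simple variants of each word.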

As I say, if you're particular about your privacy then don't make it easy for them. Hopefully the guidelines and advice I've just given you will help you to secure yourself online.

Matt.
