After having my account compromised, I see a really good reason for why SE has been so latent about banning these accounts:

A lot of these RMT have exploited some security flaw to access accounts that were not registered with a security token. A lot of people have had their accounts compromised without going to any malicious websites; they simply came home from school or work and found their accounts suspended.

So this leads to a bigger problem- do they ban all the accounts outright, or do they attempt to un-suspend the compromised accounts while trying to determine which accounts were created soley for RMT and which were compromised?

Good luck, SE.