The perennial question! I have spent many hours agonising over this. Should family history details be available to all via the Internet (or for that matter a published book)? Just how great is the risk of identity theft? I would have said I am extremely careful with regard to on-line security - yet my credit card has been 'hacked' twice, or rather, I've had two cards hacked, my original and the replacement less than two months after I got it. I'm not sure how it happened, but I'm sure it has nothing to do with my family history on-line. I believe it is pretty unlikely for someone to stumble upon my wiki without doing a search for specific name that exists in my data - if they know the name they are probably related. As I do not record current addresses I think it highly unlikely that someone could put together a name and birth details etc. from my family history PLUS current addresses and other relevant information and have enough to create a new identity. In many cases for living people I don't even have their birth dates - I seem to know more about my dead relatives than the living ones! As for the risk to credit cards from my data - impossible - the thief would have to have card numbers from other sources and successfully put the two together. And if they have a card number from another source they don't need any info from my family history. I think the biggest threat comes from people accessing the information and adding it to their own as gospel, and perhaps never seeing corrections or additions that I make so that their data may be incorrect. Others may see their information and assume it is all fact.
I have data in three places on the net - GenesReunited, my wiki and Ancestry.com. It is only available to people I approve through GenesReunited - but they can download a GEDCOM of the data making it an easy process to 'steal' my info and add it to their own. Ancestry.com is a Public Member Tree, maybe I should make it Private so only invited people can see it - if they want the info they can easily add it to their own tree, but on a person by person basis, so it is pretty time consuming. The good thing is that Ancestry does not publish data on living people, not even names. The bad thing about that is that it creates a false impression about a family. My wiki is open to all - I did password protect the pages for a while, but then I found that a Google search would show up relevant reports, but not the site itself so visitors wouldn't see my requests to maintain privacy etc. So, after much deliberation I have removed the password. With the wiki it means all info has to be typed in by hand as the reports are in .pdf format, not GEDCOMs, so not an easy task.
There is also the question of obtaining permission from others to use their data. It is virtually impossible to contact every living descendant. I have certainly asked permission from all people who I know have contributed lots of data. But I had a case the other day where someone I had never had contact with, but who was in my tree, contacted me to say she had given the info to one of my many fellow researchers for private use, not wholesale publication. So, to respect her wishes I have privatised the descendants she didn't want on the web. I have also done this for a couple of other major contributors who have asked for details to be kept private. I do not like to publish a database where every living person is listed as Private - it looks so messy. Also, some living people don't object to details being available, and some people want recent generations hidden even if they are deceased. My solution is to make some individuals Private so their places are 'held' but with no names or other details.
I am perfectly happy to share info with fellow researchers - after all we need all the help we can get. That's why I decided to put my work on the internet. It is a convenient way to let relatives who are interested see what I have discovered. But is is also an easy way to share with fellow researchers who may also be able to give me new information - and the web search engines have to be able to see my site in order for new contacts to be made. If I bite the bullet and pay for my wiki site I can make it by invitation only, but search engines won't see it either. However, sharing, and outright pinching data are two different things. If I have been given information by someone I credit them in my sources, and if I've got lots of info from them I acknowledge their assisstance in my wiki General Info pages for each surname. But I know of at least one woman who was given permission to access my GenesReunited Tree - she has 'nicked' the lot (even the branches that are NOTHING to do with her lines) and published it with her own research on her other lines on a web page. To top it off, she has some marriages in the wrong order where there have been multiple marriages. I have contacted her and asked her to modify the data, and to make corrections to some errors that I have discovered in my own data. I also chided her somewhat for not acknowledging the source of her information in any way. Naturally she has refused to respond to my requests, and the errors still remain. I know it is my work because she has my exact wording in several obvious places, such as a place of death as being the Ab....... Invalid Asylum (because I couldn't make out the exact name when I first entered it). Another tree I found on Ancestry.com also obviously comes from my data - don't know where he got it, but again there are some since discovered errors, but when I asked him where he got the info, and asked him to correct the errors he blocked all messages from me and didn't respond.