There are so many ways to steal a name that it would be beyond th scope of a post to describe them all. Any howto protect against is a howto do. I guess if I phrase things in a “prevention” sort of way then I won't loose any sleep.
As others have said, use strong passwords, different password, hard to guess questions, etc. This is common sense. So is keeping your machine clean of spyware.
Keep your contact information up to date. Check to make sure it is correct. I couldn't even count the number of names I have seen people loose because their ISP changed their mailbox or their spelled their ISPs name wrong. Your thief can register the typo and steal the name, or better yet wait till the name expires because you missed the notice.
Don't click emails from your registrar. Type their URL into the address bar. Despite what Microsoft may want you to believe, it is still trivial to spoof a URL.
Only check your email from a secure machine. Using an internet cafe is a risk. So is a wireless network. So are services that let you check mail on multiple accounts and view it in one place. Use an appropriate definition of “secure machine” depending on the value of you name and your paranoia. An office LAN may not be secure. I have (legitimately at the request of the owners) monitored an office network to collect all sorts of information, passwords included.
There are some things you can not really protect against, but may want to be aware of in case an “inexplicable” transfer happens. It is possible (trivial with certain servers) to bombard a machine with forged DNS information, causing it to resolve the wrong address for a name. If this was done to a mail server while it was relaying a transfer request then a name could easily be stolen. I have never seen this used to steal a name, but I have seen it used for other things.
While most transfers take place online, they can take place in the real world with good old paper. The story with sex.com has received a lot of press over the years. I have seen this happen to other names. It is not an isolated case. Not much you can do to protect yourself here though.