Conspiracies, conspiracies everywhere!
If Namecheap/eNom did go the hacker route, they sure wouldn't be dropping their name along the way. That'd be silly. Hackers certainly have their favorites, though--favorite programming languages, technologies, banks, and registrars. Not realizing the negative impact that it has on various reputations, they love to advertise their support. They also have their nemeses, and take any opportunity to make them look bad.
PayPal tends to be pretty secure as long as you know the caveats, but it doesn't cater to hackers. When they're sending funds to each other, it's too easy for them to reverse the payments. (This is why they stick to irreversible payment options, like Bitcoin.) PayPal also forbids a lot of controversial sales, even when legal. They make it very clear who their intended customers are and aren't. Naturally, the hacker crowd isn't too happy about this. Thus, PayPal becomes a prime target: they're not worried about PayPal's reputation.
I'm anything but a GoDaddy fan, and I don't condone such lack of security, but I don't really blame them. They market to small web developers; the sort of people who don't expect their hosting provider to be acting like a bank. This has always been their sector, and they've always offered support accordingly. They aim to walk users through every step of the process, and account recovery is probably an issue that they deal with on a regular basis. You can't sign up for such a service and not expect a generally low level of security. It's a risk you take.
There are plenty of registrars and hosting providers who are prepared to handle more serious customers. My registrar of choice has a completely different interface from GoDaddy's: you can tell it's geared toward a different crowd. Security features are more obvious. They focus on domains; I think they do offer hosting, but it doesn't seem to be a popular feature. My hosting provider has enterprise-grade security with two-factor authentication, support for various one-time codes, an advanced permissions system, complete API support, and RSA key authentication for logging into servers instead of passwords--and it's significantly cheaper than GoDaddy. It doesn't have the easy-to-use website builders, the coveted photo album, or horribly insecure things like FTP.
Did I mention that anyone who knows how to use Linux can intercept your FTP username and password without even being on the same Wi-Fi network as you? It doesn't really matter if it's a secured network. Many hosting providers support SFTP, or at the very least FTPS, so it is possible to securely access your files. GoDaddy doesn't bother to mention this because security isn't a big deal around those parts, even though they do seem to support FTPS (at least, they did as of a few months ago).