Even if you have a difficult-to-guess password, a hacker can still gain access to your Google account by getting you to log in through a fraudulent link, or by getting malware onto your computer that installs keylogging software or modifies your hosts file. If your computer has been compromised in that way, you may think you're logging into Google but you're really giving your information to a hacker. Google speculates that this is how the Gmail accounts of several human rights advocates were breached recently.
(Tip: Always pay attention to the URL in your browser before entering sensitive information if you clicked on a link from an e-mail or a third-party page -- if the domain name is wonky or doesn't match where you're supposed to be, it's a clear indicator that someone's trying to dupe you.)
If you're still using Internet Explorer 6, upgrade immediately. According to security firm Secunia, IE6 has 24 unpatched vulnerabilities -- far more than any other browser commonly in use today. It was an IE6 flaw (that has since been patched) that enabled the December 2009 breach of Google's network. Google plans to drop support for IE6 for many of its services this year.
Beyond that, practice good Internet security behavior: Run anti-malware software on your system (yes, even on Macs); don't click on links in e-mails, even from people you trust (or if you do, pay attention to the URL, as outlined above); don't open attachments you aren't expecting; stay away from shady Web sites (porn, illegal file-transfer or warez sites); and never click on pop-ups, not even to close them (instead, use the keystroke commands Alt-F4 on Windows machines or Command-W on Macs).
"Sandbox" your browser. Use virtualization software like VMware Player or Parallels Desktop to create a self-contained operating system so that viruses and other malware cannot access your hard drive directly -- and when you're done, trash the session and start a new one from the original disk image. A browser sandbox such as Sandboxie also offers some protection by isolating your browser from the rest of the system.