Self verifying survey.
According to businesswire.com,
"The 2008 PayPal Trust and Safety Study was conducted by Ipsos Research from May 28 - June 3 in the United States, and from August 15 - 25 in Europe. The e-mail survey reached 1,000 panelists in each of the six countries: the United States, Canada, France, Germany, Spain and the United Kingdom. All respondents had shopped online in the past 90 days. Quotas for age, gender and PayPal usage were set during the survey to ensure representative online populations in each of the six countries."
So the survey is selected for those who responded, but more importantly for those stupid enough to describe their flawed security practices in response to an email survey. In other words all respondents who were not simply lying or actually practicing strong security identified themselves as people especially susceptible to phishihng and ID theft.
(I'm assuming the email was not signed, which would cause yet another bias.)