I have no worries. If someone gets my MS account email and password, they are pretty much useless. I have the two-step verification set up, you can do nothing with password only. To get to my email account, OneDrive, any personal information you also need access to my mobile phone or my home phone to get the verification code.
You cannot access my account and see my information at outlook.com, onedrive.com, live.com or any of the other MS sites without a verification code. You cannot reset my password nor can you change any of my information; for that you would first need one verification code to sign in and see my information, then another code to change the information. You cannot set up a Windows user account using my MS account without a verification code.
Being afraid about a possible hack to MS servers is as far as I am concerned pretty much a useless fear. We consumers have to trust some basic things, for example you don't stop flying because some planes do not reach their destination. Of course not, you continue flying because you know it is by far the safest mode of transportation. Not the best metaphor but you get my point.