Again, there is nothing on the bands to hack. At BEST, if someone were to scan ALL the ID codes on the band (there are at least two, and I understand there may actually be three - one for the active transmitter and two for the different frequency passive chips) and duplicate them somehow to a card or another band that isn't obviously fraudulent, again, AT BEST they'd be able to TRY to use your ticket credentials to enter the park (and if the finger scans are active, be denied and questioned by the CM who sees the name of the band's owner on their display away from the person using it), purchase an item (and need the PIN number), use your FP+ (not sure if they can find out when/where at the kiosks without additional info), and if they somehow know what resort you are staying at, MAYBE get into your room, but without knowing what room number, trying to scan it at every door is likely to wave very large red flags and lock it out.
To get ANY information about you, they need to have access to "Disney's Database of Everything" as I call it. Even if they surreptitiously can manage to scan the band at a CM terminal, that CM terminal likely only displays the information required at that terminal - I haven't seen it myself, but I understand that at a FP+ touchpoint, it only displays a person's name, and their FP+ time. At parking booths or park entrances, they can probably call up more information to better ID the person if needed - match against a driver's license, for instance.
If you're worried about a CM knowing your address and that you're on vacation, they already know it at the resorts, or when you show your ID when you arrive at the resort to check in.
If they can pull info similarly to an EZ tag going through a toll plaza at 70mph, then why are there such bottlenecks at FP+ return and the constant reminders of 'Mickey to Mickey'?
Slightly different. The receivers in the toll booths are MUCH larger and sensitive, and for the more recent passive tags, put out a much larger and more powerful magnetic field - I personally wouldn't want to hang out next to one for hours.
As mentioned previously there are two types of transmitters in the band.
1) An active transmitter. This, based on battery and transmit power as reported to the FCC, can be read at around 9-15 feet without more focused receiving equipment. This is NOT used for most things, as it would have trouble distinguishing people in a crowd. It CAN be used for positional tracking, but basically within a 15 foot radius unless there is more than one directional receiver in range, but most receivers aren't directional in that regard. They basically say "IDXXXXXXXXXXXX" is near LOCATION - along with everyone else in range. The guest-visible use for this is supposed to be for certain special "experiences" where for instance a princess will know the name of a child or put up a message on a screen when you pass by without anyone having to explicitly wave a band at a touchpoint.
2) A passive transmitter (x2, at different frequencies). This doesn't use the battery at all. Instead, you place it near an "active reader". The reader puts out a magnetic field. A wire in the band (which doubles as the antenna) converts the magnetic field into enough electricity to tell the chip to transmit its ID back to the receiver. The effective range of most passive systems, without very special equipment, is less than 10cm, and for many it's a lot less than that, depending on the power of the magnetic field. Disney's touchpoints are significantly low power enough that you have to be practically touching the touchpoint itself with the "hot point" of the band (where the Mickey head is). I think the location of the hot point on the band and the sensitivity of the touch point trip people up as I think it is awkward for people to turn their wrists that way, and why it seems to slow people up in the FP+ lines.
At any rate, feel free to wear the tinfoil hats if you like. Put them in the anti-RFID pouches when you don't need them.