And something you can do:
Register something that is least likely to get spammed by dictionary attack (maybe the old random Prodigy ID if you had one and remember it). Only use it to sign in...and nothing else. Then create your aliases. So when you give those out, they can't be set up to try and pick your account because they won't be valid login IDs.
Don't you wish Yahoo would add this feature...make a Yahoo ID one of your alias email address but also make it so it can't be used to login?