There is lots of talk about the ways that proximity cards can be remotely cloned, communications lines to controllers can be hacked, and biometric readers can be fooled in various ways. Manufacturers tend to play these vulnerabilities up in various ways, and urge that end-users replace their existing systems with the manufacturer's new system that is nearly impossible to defeat because "we use 1024 bit encryption, rolling code algorithms, blah blah blah....."
Yes, there is a multitude of ways that nearly every type of security technology can be defeated by a criminal, given enough skill, time, and the right equipment. And yes, there are certain types of end-users and certain types of facilities that should be concerned about these types of attacks and should take every reasonable step to prevent them.
But the vast majority of criminal acts are carried out by stupid people using remarkably unsophisticated techniques. It's my opinion that the risk of burglary using a remotely cloned proximity card is extremely low for 90% of all end-users. As Brian stated, it is far more likely that someone will tailgate into the building or force open a door or window than they are to use a cloned proximity card. On large buildings, it is also common to find doors that haven't closed properly or things like overhead doors left open even though they are unattended.
In a surprising number of cases, you can get into a secured building by simply asking - many untrained employees will knowingly let you in provided that you have a convincing story and are dressed appropriately.
At the end of the day, it is all about matching the types of security countermeasures used with the types of attackers that you expect. Facilities that contain extremely high-value assets certainly shouldn't rely on standard 125kHz 26 bit proximity cards, while using encrypted smart cards with biometric authentication would probably be overkill for an office supply warehouse.