Its a difficult situation for them to find the right owner of an account to give the account back.
What I personally believe jagex should do, is ask questions from various points in time. They could add quests which, a player could choose one way or the other. After the quest, there would be no evidence of the chosen path.
Jagex could then ask players which path they chose when they did that particular quest.
I've never had an account locked, so I don't really know how the process itself works at all. But if they implemented multiple crossroads kind of decisions in quests, then the real owner of the account could remember them and the hacker would would not know which way the player chose.
I feel for you, I've heard stories of true owners getting their accounts back, and I've heard the opposite. My advice is to make a strong pass, even add some numbers after it as well. And to never share your pass with anyone. Even best friends. And never visit random sites
.
Trust me, people don't get hacked if they follow that last paragraph. They just don't.