I've seen data suggesting that certain NFC implementations (*cough* Barclay/Mastercard for one) can be functional over a distance of 4 metres. It's certainly possible to read the cards over a distance of 1-2m, as a local supermarket recently had to suspend all "contactless" transactions for a firmware update on their terminals - cards were being read by adjacent terminals.
The chipset in all NFC cards is powered by a magnetic field from the terminal which induces a voltage into the induction loop on the card, so if you increase the magnetic field strength then you increase the range at which the card is "powered up". At that point then the limiting factor will be how good the (software) antenna inside the terminal is - the cards should have (by design) very poor antennas.
It doesn't seem at all unlikely to me that modified terminals will appear, as has happened thousands of times already with chip & pin terminals in the UK.
The specs say that (at least) every 5 times the "contactless" card is used then a PIN will be requested, but personally I believe that will ultimately turn out to be a critical weakness as "modified/compromised" terminals will have a good chance of storing NFC and PIN transactions from the same card. I've no doubt that the banks/CC companies will have (as always) taken the cheap route on this - the encryption used will NOT have been peer-reviewed and probably is only to US export standards (128 bits max), hence that's what will get broken.
There is something fundamentally wrong with pushing NFC out when the banks KNOW that it makes the customer more vulnerable to theft (hence the £20 limit), but the banks are only interested in pushing responsibility for fraud onto the customer. That was the whole raison d'être of Chip & PIN - making it much more difficult for customers to get their cash back when fraud happens.
I've got a wallet that screens the various NFC/RFID/ID card frequencies (there are a few) & have instigated a "complaint" with my bank whereby I've told them I won't ever be using "contactless" and any transactions using it will be repudiated. The "complaint" is simply so that stays flagged on my account forever.
The problem with magstripes is that they are utterly trivial to read and clone onto another card. By "trivial" I mean the setup cost is well under £100. I've never had (or heard of) a magstripe demagnetising due to storing two cards together - it's the same technology as audio cassettes and I don't remember any of them ever being demagnetised either when stored together.