I just wanted to chime in and say that I worked at a grocery store and know a bit about how the "activation" works.
When you check out, the cashier (me) is required to swipe or manually enter the card number for the itunes card, the system then waits for payment, and WHEN payment is confirmed... the itunes card number gets wirelessly transferred to apple so that it can be updated in their databases as "active". Theres no way for a common store employee to get around this, believe me I've tried.
That being said, there are many systems that use "code activation" to sell digital products (ie. cd keys for games). These systems usually rely on a algorithmic key generator to make "valid" keys and a database of activations to make them "active".
The algorithm for itunes cards has no doubt been cracked by now and made into a keygenerator. After that, all that's needed is a backdoor or loophole in the system to make the keys active. Usually this process will have an imperfect success rate but still good enough to make someone A LOT of money.
That's what these keys most likely are. That's why you here stories of people getting keys for the wrong amounts and/or receiving extra keys even though the seller doesn't seem to care that he has given you way too much. He most likely has a crude speadsheet of keys that he has already processed and just copy/pastes them in emails to send out to buyers.
So yes, these cards are not legitimate, but they not as bad as the "stolen credit card" theories make them out to be. You wont loose your credit if you buy them, apple will simply try to patch the exploit to prevent further scams.