In high school I went to class with a guy who has hacked the government on several occasions. He was really smart but he also said that most of the time the passwords were just shit. No surprise here.
On a related note, I think it was Kevin Mitnick who mentioned at one point that most hacking actually ends up being done through social engineering. He was mentioning how people in general want to be helpful, so you can call up a company, and pretend to be working there. As you talk to different people you start learning their lingo and terms, this in turn allows you to sound more and more convincing. So, eventually you get to a person where they think you work for the same company and they reset a password on your account or something similar. This tends to be a lot easier to do than technical hacks.
safety first
I found a YouTube link in your comment. Here are links to the same video on alternative frontends that protect your privacy: