It's all a 'fail'...
Rock You, you fail on all levels - SQL injection, clear text storage, no password policy
But the debate here is about the analysis. Some commentards are gloating that lusers are morons. Yes, yes - we know that. (Actually, of course the majority of computer users may not have finely-honed security skills but they are no more moronic than the population at large... oh, I see what you mean!)
The problem is not stupidity per se - it's practicality. As others have noted, people can remember words and phrases in their own language better than they can remember meaningless character strings. So we end up with dictionary words. FWIW, substituting numerals for lowercase letters is better than nothing but not much use against a decent Rainbow Table.
Length, of course, is important (if my passwords were as short as my willie they would have been pwned years ago). The way Windows LAN Manager hash split passwords (until Vista, I believe?) meant that 16 chars became the minimum for the really paranoid and that attitude seems to have stuck among sysadmins. But it's counter-productive if a helldesk instructs lusers to use 16 random chars - virtually no-one has a clear idea of 'random' in this context and virtually no-one can remember 16-char strings.
As to horses for courses, of course it makes sense to use stronger passwords for banking or business than for wanking about on FaceAche or on Twatter (I wonder if Stephen Fry's password is 'Fat Smug Know-all'?). But human nature being what it is, people simply can't be arsed to remember more than a couple of passwords.
The taboo against writing down passwords is not always helpful. Obviously in a non-secure office environment sticking a post-it note to the screen with 'Passord: Bgx1#dw"£$' written it is insecure: having it written, perhaps back-to-front, unobtrusively in the back of your pocket diary is far less so.
So what are my solutions? What insights can I offer you? The answers are 'none' and 'none'. IMO, crap password security is a problem we are stuck with for as long as ordinary people (as opposed to geeks) use computers - in other words for ever
PS: I recently had to advise a home-office-computer-using client that having their pet's name as a password for everything from log-on to email to online banking (where, to be fair, the bank insisted on other characters as well) *and* as their security question answer was probably not a good idea.