Re: You heard it here first...
If buy something from an online retailer, I use the same junk password - if hacked all it will allow them to do is log on, but that's it - placing an order still requires my card details. It's a minimal level of security appropriate for a minimal amount of risk, and doesn't imply the data is worthless or any trust is misplaced.