Not really correct, but close
Most of the sites that have leaked passwords are not banks. If you get a "password" from a hash collision it is still unlikely to work in other sites.
@symon It does matter for Git because open-source relies on hashes not colliding to confirm that the code is right and proper.