I know this since a long time ago, but I guess both you and I know for a fact that most users tend to use the same password.
If they do use the same name and pwd as on other sites, and their mail is compromised, they could have many other accounts compromised as well…