If people prefer paying a half-percent fee on every trade for the convenience of using simple, easy-to-guess passwords on website-type user interfaces, that is the free market in action. For puny, trivial-sized trades the convenience is probably worth it. Maybe, though, for at least some people, avoiding that fee and having to put up with a secure method of communication with a server might seem worth it when they deal with significant sums.
-MarkM-
Understandable, and there is no reason the private key itself cannot be stored encrypted with symmetric encryption on the server. The symmetric key can be generated/computed from the password on the client side and used to decrypt the private key after it's fetched. This is then used to sign the server challenge. This is convenient, with the risk that encrypted private keys are now on the server.
Another option is to use OpenID/OAuth-type schemes where the authentication is not done by the server/business in any way but relies on well-known providers such as MyOpenID, Google, Facebook.
Yet a third option is to have a browser plugin that fetches your private key off a thumb drive and makes the entire login process seamless, i.e., when you go to the website, as long as the thumb drive is in your computer, it will fetch the private key, do the authentication and sign you in automatically. You only see a notification of successful login or failure. It can also sign any transaction request, authenticating your request to the server. I'm sure some of the smart folks here could easily write something like this.
I would add YubiKey, but that's tying to a vendor.