I bet most of the time good hackers don't even need sophisticated software, just a good partial and a dash of mined social data.
If the person is dumb enough to put a password of his dog's name or his neighbors name, then he might deserve it.
Passwords should always be separate from your social info.
I think the VAST majority of people out there use weak passwords due to ignorance, convenience, laziness and lack of creativity. I'd like to think that us Bitcoin folk are in the minority though and better understand the problem/stakes and go the extra mile.