Indeed, I'm not investing a huge amount in SD due to the risk, my passwords are very secure - but you can never 100% trust server security even if the passwords are hashed
It doesn't matter how secure your passwords are if you re-use them. In my experience watching people trying to crack accounts, I'd say having a weak password is actually better than a super strong reused password. (But of course, you're best off using a password manager or sha256("super secure password" + siteName) as your password