Or even if they do use so called 'strong password' they'll easily get cracked by a GPU based password cracking program. These days even 11 to 20 character length password aren't safe.
Now you are exaggerating. If you don't use dictionary words and preferably you use a random combination of alphanumerics, 15 character long password is uncrackable brute force. Even whole Bitcoin network would not brake it. My back-on-the envelope estimation is that such a randomly chosen password would need more than million years on all the GPUs on Bitcoin network. I think we should worry more with weak password and trojans.