In that sense I can sympatise with MtGox, but on the other hand.....
- They didn't add even the simplest of extra sec checks to their login
- They didn't assume the worst and proceed as such when reports started surfacing that accounts were being hacked
- Their database should have been natively encrypted, performance issues are not a customers concern
Agreed on these points. They don't even do basic IP verification (non-recognized IP, send email with verification link). They really need to step it up.