it's mtgox and the hacker's fault. it's not theirs.
That's a pretty resourceful hacker that has the skill to force thousands of bitcoin users, against 20 years of internet security advice, to use the SAME PASSWORD on every site. I tip my hat to him.
i'm not saying it's not my fault, of course a lot of its my fault for having the same password.