Board Beginners & Help
Re: Cracking the passwords: Don't blame the MtGox, USERS ARE STUPID
by
eramus
on 22/06/2011, 02:58:28 UTC
As pointed out by others up-thread, real financial institutions like banks have multi-layered security procedures. I haven't used Mt Gox yet, so I'm not going to trash-talk their log-in security; but if it is anything like any of the banks I've used, a weak password would not be an open sesame to a hacker.

First the hacker bot would have to guess a user-name. "A" not recognized. "B" not recognized. "C" not recognized. At what point should the log-in system cut off the bot and direct it to call customer service? Suppose it gets lucky at "AA". So now it has to provide a password. Perhaps it has a list of common passwords to try first. "Password" not it. "password" nope. "PASSWORD" -- Message from system: "Too many log-in attempts. Please call customer service." If Mt Gox allowed password-cracking bots to run wild on their system (and I doubt that they did), they need to be shut down now.

Modern banking systems work fine with ordinary everyday people. If Bitcoins require computer security geeks to use them safely, while "idiots" lose their life savings, Bitcoins are going back to zero.
This system would be completely ineffective against someone who seriously wanted to get in. All they would need to do is keep changing proxies, not store cookies, etc. It is nice that some software enforces password strength, but in reality, password strength is up to the user. Software can enforce password strength all it wants, but if a user is constantly using the same "strong" password, it eventually becomes weak in the grand scheme of things. Look at the users complaining about their mybitcoin accounts being drained. What was the issue? Yep, they reused the same password. The only liability on the software (and software provider) is to secure their software. This entire mtgox explosion never would have happened if it weren't for poor security practices -- same with every other exploit we have seen during the past couple of months.
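The lockout sequence in the quoted post and the proxy-rotation objection in the reply, as an added Python example that is not from the thread or from any exchange's code: a throttle that keys failures on the account name (and separately on the source address), so changing address between attempts does not reset the account's counter. The policy numbers and the credential store are constructed for the demo.

```python
from dataclasses import dataclass, field
from typing import Dict, Set

# Assumed policy values for this demo, not Mt Gox's or any bank's real settings.
MAX_ACCOUNT_FAILURES = 3   # bad passwords per account before that account is held
MAX_SOURCE_FAILURES = 10   # failed attempts per source address before it is held
HELD_MESSAGE = "Too many log-in attempts. Please call customer service."
FAILED_MESSAGE = "Not recognized"   # same reply for unknown user and bad password


@dataclass
class LoginThrottle:
    # Constructed credential store: account -> password. Plaintext only to keep
    # the demo short; a real system compares against a salted password hash.
    users: Dict[str, str]
    account_failures: Dict[str, int] = field(default_factory=dict)
    source_failures: Dict[str, int] = field(default_factory=dict)
    held_accounts: Set[str] = field(default_factory=set)

    def attempt(self, username: str, password: str, source_ip: str) -> str:
        """Process one log-in attempt and return the message the client sees."""
        # Layer 1: a single address that keeps failing is cut off, whether it
        # is guessing user names or passwords.
        if self.source_failures.get(source_ip, 0) >= MAX_SOURCE_FAILURES:
            return HELD_MESSAGE
        # Layer 2: the account itself is held once its own failure budget is
        # spent. This check runs before the password compare, so a held
        # account stays held even when the right password is finally sent.
        if username in self.held_accounts:
            return HELD_MESSAGE
        if username in self.users and self.users[username] == password:
            self.account_failures.pop(username, None)
            return "OK"
        # Record the failure against the source address in every case.
        self.source_failures[source_ip] = self.source_failures.get(source_ip, 0) + 1
        if username in self.users:
            # Count against the account regardless of which address sent it.
            count = self.account_failures.get(username, 0) + 1
            self.account_failures[username] = count
            if count >= MAX_ACCOUNT_FAILURES:
                self.held_accounts.add(username)
                return HELD_MESSAGE
        # Unknown user names get the same reply as bad passwords so the
        # log-in form does not confirm which accounts exist.
        return FAILED_MESSAGE
```

Holding an account after a fixed number of failures also lets anyone who knows a user name lock that user out, so production systems usually hold for a cooldown period and notify the account owner rather than hold indefinitely.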