And conversely, all 4 of the 14 char passwords were also variants of username/email address/domain. Same with both 13 char passwords.
I'd wager most of the 2500 or so passwords cracked were variants of the email/username/domain. I think there is a pretty important lesson there.
Namely, don't trust sites that "encrypt" your password with MD5 or anything similar? Don't trust sites that do not understand the fundamentals of encryption?
Read
this. Bear in mind that the $2000 CUDA systems he's referring to are the same sorts of systems that are described in the BTC mining threads.
Then consider how much having a "strong" password, by any definition of "strong" you'd like, would save you under those circumstances.