The problem in the MtGox incident was not insecure wallet.dat files with the users... it was MtGox's insecure databases. So the trading sites should be held to a standard equal to that of a modern online banking site, and not keep MD5-hashed or even plaintext passwords in some unsecured SQL database.