Hmmm... for just a moment... I had an idea for a Nxt hacking toolkit.

It works like this:

It scans the block chain for active Nxt accounts with balances.
Then it uses hashcat  (see: http://hashcat.net/oclhashcat/#features-algos ) to crack the secret phrases.
Any match with any of the existing Nxt public addresses essentially cracks the account.
The account then is silently drained of its holdings.

I wonder how much people who pay for such a toolkit?