Note that the typical attack will be running a stolen database through dedicated cracking rigs. About 1/5 of user's mtgox passwords were cracked and published within days of the compromise. It was also clear that the original plaintext was found and not some hash-matching string of garbage.