Thanks jr for the clarification. Would I be correct then in saying that the security protocols for online are more aimed at the risk factor of having some exchange holding them than an actual personal hacking risk on a general user's computer? In the same context as your Target example: always have good passwords for stuff you do online but with 3rd party sites dealing with your money, extra security is best. Common sense more than some immediate looming threat?
depends on what level the site holds your money, but yes, it is not a looming threat to always be fearful of, just understand that if you dont have the private key, then you dont really have your bitcoin, but if its a well established site your fine keeping small balances there you would want to spend
another example, making a wallet at blockchain.info, they both store your wallet and give you they private key backup in case they go down, it is an extra security weakness because a hacker can possibly get through the password wall, but blockchain doesnt have access to your coin, so they cant spend it and tell you they still have it like Gox did
if you are just getting into coin, DONT keep your full balance on a random site no matter how good a password you think of, start with blockchain.info or another trusted wallet interface that lets you keep your keys, add 2FA and keep a copy of your private key offline just in case