OT: Read in this post about the wallet stealer. Even if this guy lost it that way, or if someone else loses it like that, the hacker still needs the password, doesn't he?
Of course, they need the passphrase.
However, if they dumped a keylogger onto the system, then the keylogger would be able to pick up the passphrase and redirect the logged keys to a remote PC and allow the person on that PC to then access the encrypted wallet and therefore they would be able to lift the keys from the wallet and drain the funds from those keys...
...the person who had funds at those keys would then lose their bitcoins because they would be moved to a new address by the person who managed to obtain a copy of the wallet and the passphrase. The other person would then control the coins from that point on.
You only need the private key to a bitcoin address to take the funds from that address. Since the private key allows one to spend the coins at that address, if you were to obtain the private key to another person's bitcoin address you would have to perform a transaction to your own bitcoin address in order to steal them (and of course keep its corresponding private key - or else you couldn't access the coins yourself).
As already stated above, no keylogger was found after an in-depth forensic audit of the machine used for that wallet. No malware either. And that same machine was used for other wallets as well, yet they were/are untouched and their coins still there. (They were all immediately resecured and liquidated for cash.) And the machine was never used for browsing or anything else. It was a dedicated machine, on a dedicated ISP connection, whose singular purpose was bitcoin management. It did not travel, it did not connect to wifi connections in coffee shops...