This is crazy! IOTA should be more concerned and careful about their users security. It should be their top priority.
What could IOTA do if the users give their login credentials to third parties?
The breach was not about users giving their login credentials away.
The problem was not having an official solution to generate seeds, forcing users to look forward to third parties solutions. Random seed generation with command line (linux or macOS) was not an option for the most part of users. Offline seed generators (javascript wise) were widely accepted as tolerable practice. Now that sh*t is done, all sorts of genius come here to criticize layman investors and pose as daddy knows it all.