The real question should always be how you detect and handle these attacks. Allowing someone to attack your service for 12 years and eating up your resources in the meanwhile just sounds too passive a solution.
That's not the attack you worry about: instead, consider the case where someone somehow obtains the database and can do an offline attack on it. Be it a SQL injection or account compromise (or sheer negligence and publishing the database), once that happens you'd better handle passwords reasonably well.
If the only attack situation you're worried about is a online guessing attack, then there's no need to even hash passwords.
If the only attack situation you're worried about is a online guessing attack, then there's no need to even hash passwords.