[jrockway]

It happens accidentally. I use different passwords for different services and remember them (rather than store them in a database). Once in a while, I'll type the wrong password into the wrong site. That's game over; the account that actually used that password is now compromised.

[pasbesoin]

This is an important point: Type in the wrong password, and you've potentially given away the account that that password belongs to.

And, other things being equal, the more visible your "presence", including the account that the password belongs to, the greater the risk of compromise.

Did you type that wrong password into a dodgy site? Did you type it into a site that does not use https? While on a relatively more unsecure connection?

Even if you trust the ethics of the site, how do they log, and are those logs secure?

Paranoia: Stimulant of the chronic surfer. ;-)