[EC1]

Could also be used to just grab the password and try it against other accounts. Most people have one password for everything.

[lovelettr]

That is a valid point that I didn't think about.

I forget that not everyone uses something like 1password generate random passwords for all sites. Therefore, compromising one doesn't compromise them all. I recognize that is not common behavior.