If you make an account on let's say, some cooking forum and then use the same password & emailaccount for other forum accounts, like facebook, you're basically just handing out your facebook account to the cooking forum webmaster. That guy/girl only needs to take a list of registered accounts and try them at facebook. However stupid as this example may sound, it happens a gazillion times, even as we speak. I think hackers more often exploit stupity on the endusers' side than they exploit technical security breaches (like heartbleed). That's all Am I right ?