MTGox security was flawed: the API instructions were sent using cleartext passwords in the URL.
With such security sense it was a matter of time.
Some unusual tips for creating very strong and very easy to remember passwords from grc.com:
https://www.grc.com/%5Chaystack.htm
It is not about randomness, it is about length and potential complexity.
Cheers!