Imagine the registration process as only requiring a username and email address.
The registration script on the server uses a brain wallet code to make a random privkey+public keypair.
It then saves only the username, email and PUBLIC key to the registration database, and emails the private key to the user.
(Hope you're following so far.)
Now when a user logs in, he types in his email, and the private key does not go into any database. A script simply validates the public key saved, to then grant entry.
Now, inside the system, the admin cannot see private keys (because they are not saved), making the system safer from hacking and making the admin unable to say that the website was hacked and passwords were compromised, as there are no passwords saved.
I know that websites should already be only saving encrypted passwords, but we know that many don't, and I find it a better use of private/public keys to not even need to save a password, encrypted or cleartext.
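
A sketch of the flow described in this post, added here as an example and not the poster's code. It assumes secp256k1 keys, a CSPRNG in place of the brain wallet generator, an in-memory dict `USERS` standing in for the registration database, and a login form that submits the private key so the script can re-derive the public key; the names `register`, `login` and `public_key` are hypothetical.

```python
import hmac
import secrets

# secp256k1 domain parameters (the curve Bitcoin keys use)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    """Add two curve points; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else:
        m = (b[1] - a[1]) * pow(b[0] - a[0], -1, P)
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def public_key(priv_hex):
    """Derive the compressed public key (hex) from a hex private key.
    Plain double-and-add, not constant-time: for illustration only."""
    k = int(priv_hex, 16)
    if not 0 < k < N:
        raise ValueError("private key out of range")
    point, addend = None, G
    while k:
        if k & 1:
            point = _add(point, addend)
        addend = _add(addend, addend)
        k >>= 1
    return ("03" if point[1] & 1 else "02") + format(point[0], "064x")

USERS = {}  # constructed stand-in for the registration database

def register(username, email):
    """Save username, email and public key only; return the private key to email out."""
    priv_hex = format(secrets.randbelow(N - 1) + 1, "064x")
    USERS[email] = {"username": username, "pubkey": public_key(priv_hex)}
    return priv_hex

def login(email, priv_hex):
    """Re-derive the public key from the submitted key and compare with the stored one."""
    record = USERS.get(email)
    try:
        candidate = public_key(priv_hex)
    except ValueError:
        return False
    return record is not None and hmac.compare_digest(candidate, record["pubkey"])
```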