Well, he should have posted the list and shown all the accounts that were affected, WITH the passwords so we knew not to use those passwords. I changed my password when I read about the hacks, but then years later, I accidentally changed my password to one I had used before, and one that was sold to the deep web by Theymos. This is big shit, most people use the same passwords on other sites. My YoBit got hacked and drained as well.
For somebody who is lecturing Theymos, it seems you don't really understand what has happened here. There is no list of passwords to hand out and it would be a terrible idea to do so even if it was possible. When bitcointalk was hacked they stole encrypted hashes of the passwords, possibly with a seed, so even the hackers would have a hard time finding out the real password.
Other websites are probably getting hacked and the passwords are being used to login to accounts here. There is little the staff here can do when accounts are being traded, if you ban the sellers it will simply go underground and this would be more dangerous as it hides the problem.
Now, personally I think it is a bad idea allowing email address or username to be used to login. It should just be the username. It is possible that two factor authentication, like text message pincodes, could help - but it might prevent large groups of people from using the site.