I just hope the usernames and passwords are safe
They are if you use a unique username and password on every site. It also helps to have a password over 16 characters so it can't be cracked even if the password database is stolen.
you're forgetting that bitcoin users have pc rigs dedicated to forcing hashes.
Every character added to password length makes it ~96x harder if you consider all the password characters that can be typed on a keyboard. If 8 character passwords take a day, 9 characters take three months, 10 characters take 30 years, etc.
I'm still changing my 19 character never used elsewhere password though.