I'd be interested to know what their password requirements were. I'm sure there's plenty of arguments that they could have forced better password best practices if they tried.