And in this case, I am talking specifically about security policies for sites that store credit card information, like specialforces.com did. I do not believe that having no password is an acceptable trade-off in this situation.