The category of attackers who are willing and able to commit a (possibly violent) physical crime to obtain one or more of my login passwords is much smaller than those who will successfully exploit weak and re-used passwords over the internet.