The savannah.gnu.org compromise in December 2010 is another example of the weakness of system passwords: there will always be someone using a brute-force attackable key. And that is the weakest link.
I just want to point out to all our readers out there that the Sibyl is precisely an idea to implement a secure way to store hashes of passwords and prevent brute-force attacks. It is not computationally cheap or even the simplest of setups, but security has a price. At least, it is, but for the hardware part, which depends on your implementation, ‘gratis’ and BSD-licenced.
Hope you like it.