If you have the data from breaches listed on https://haveibeenpwned.com/ you can already get access to some of his passwords (not tested of course). It seems like the "nothing to hide"-philosophy has also been applied to the password complexity.
I'd strongly recommend to use secure passwords and maybe a password manager. Further, I'd recommend using different aliases and email addresses for different websites, or at least keeping email addresses private where possible.
