There are more severe problems: in many places I have done contract work for, the HR database has only the pw encrypted and all other info (SSN, DOB, Address, Bank Account #, Routing #, etc.) stored in plain text. Each time I come upon such a data store, I die a little more inside and then make sure my info is not inside.
We educated people to use stronger passwords (although many haven't learned yet), so we can educate people to use a greater variety of passwords. Simpler passwords make that possible because they are easier to remember. I think that this neatly addresses your concern.
When using bcrypt to encrypt the password in the database and allowing the users to have very short (3-4 letters) passwords, how much easier is it to crack the password? And wouldn't increasing bcrypt's cost counter the problem?