It doesn't appear that random guys on the internet are having much trouble stealing blockchain-based currency. I'm not sure why you think the NSA couldn't do it too.
When you store your private keys in a centralized repository, where they can be taken by asking nicely (as in SQL injection), you are either not using a blockchain-based currency, or you are using it badly.
The same is true if you generate a private key with a lower entropy source to simplify encoding (called a brain wallet for some reason.) Yes there a longer passphrases that do have more entropy, but you are still limiting the alphabet and the complexity for dictionary attacks.
