The incident notification states "website user names and passwords could also have been accessed", so I guess this means cleartext passwords.
"Cloud Collaboration. Rock-Solid Security."
"Our servers are based in Switzerland, Germany, and France."
Which would be preferred by Europeans. Well now...
It's a security/UX tradeoff.
We hear about new attacks and vulnerabilities, more credit card numbers stolen, more personal information stolen, on a weekly basis. I think we're past the point of accusing legislators of acting in a reactionary manner to an isolated incident or two should the proposition of regulation be put forward.