An excellent hypothetical scenario that underscores just how important it is to use different strong passwords for everything:

You have email account x@y.com, which is your main email. You have the password XYZ, which you use for everything. You register at paypal with your email address x@y.com and use your normal password. You then register at some obscure webforum using your normal email and password.

Obscure webforum keeps new member details in plain text on their site. Hacker hits obscure webforum and takes thousands of email addresses and site passwords. Hacker then feeds these emails and passwords into paypal, a good proportion of which will actually work.

[Via a comment by Bert9000 in Charles Arthur’s post on recent iTunes/Paypal hacks]