http://www.newsfactor.com/news/Sony--A-Studio-Ripe-for-Hacking/story.xhtml?story_id=103003JX4B3L
The stolen files expose lax Internet security practices inside Sony such as pasting passwords into emails, using easy-to-guess passwords and failing to encrypt especially sensitive materials such as confidential salary and revenue figures, strategic plans and medical information about some employees. Experts say such haphazard practices are common across corporate America.
"Most people who say they're not doing that are lying," said Jon Callas, co-founder and chief technology officer for Silent Circle Inc., a global encrypted-communications service.
The emails show CEO Michael Lynton routinely received copies of his passwords in unsecure emails for his and his family's mail, banking, travel and shopping accounts, from his executive assistant, David Diamond. Other emails included photocopies of U.S. passports and driver's licenses and attachments with banking statements. The stolen files made clear that Diamond was deeply trusted to remember passwords for Lynton and his family and provide them whenever needed.
This is typical of all corporations. For all kinds of reasons, security is not good.
Where I work, outgoing emails are scanned for possible passwords. If you are caught sending a password, any password, in email, the following happens:
Furthermore, password complexity is strictly enforced. Such things as Sonym13 would be disallowed.
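The two controls mentioned in the post above (scanning outgoing mail for pasted passwords, and a complexity rule that rejects something like Sonym13), sketched as an added example; this is not code from the article or from the poster's employer. The label list, the 12-character minimum, the organization-name deny-list and the sample message are all assumptions constructed for illustration.

```python
import re

ORG_WORDS = ("sony",)  # assumed deny-list: the organization's own name
LEET = str.maketrans("013457@$!", "oleastasi")  # undo common substitutions
# A credential label, an optional separator, then the candidate token.
DISCLOSURE = re.compile(
    r"\b(?:password|passwd|pwd|passcode|login)\b\s*(?:is|[:=-])?\s*[\"']?(\S{4,64})",
    re.IGNORECASE)

def char_classes(s):
    """Count how many of lower/upper/digit/symbol appear in s."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: not c.isalnum())
    return sum(any(t(c) for c in s) for t in tests)

def scan_outgoing(body):
    """Return (line_no, masked_token) for each likely pasted password."""
    hits = []
    for no, line in enumerate(body.splitlines(), 1):
        for m in DISCLOSURE.finditer(line):
            token = m.group(1).rstrip("\"'.,;")
            # Ordinary words ("password reset") are purely alphabetic;
            # pasted secrets usually mix letters with digits or symbols.
            if char_classes(token) >= 2 and not token.isalpha():
                # Mask the value so the alert does not leak it again.
                hits.append((no, token[0] + "*" * (len(token) - 1)))
    return hits

def policy_violations(pw, min_len=12):
    """Return the reasons a candidate password is rejected (empty = accepted)."""
    reasons = []
    if len(pw) < min_len:
        reasons.append("too short")
    if char_classes(pw) < 3:
        reasons.append("too few character classes")
    plain = pw.lower().translate(LEET)
    if any(w in pw.lower() or w in plain for w in ORG_WORDS):
        reasons.append("contains organization name")
    return reasons

# Constructed sample message, not taken from the leaked mail.
SAMPLE = """Hi, the travel portal login is below.
user: exec01  password: Tr4vel!2014
If that fails, use the password reset page."""

if __name__ == "__main__":
    print(scan_outgoing(SAMPLE))
    print(policy_violations("Sonym13"))
```

The scanner is a heuristic: it will miss passwords sent without a label and can flag non-secret tokens that follow one, so hits are best treated as a prompt for review rather than proof.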