There is speculation floating around the net that at least one of the recent disclosures of passwords was a SQL Injection attack (my bet would be several), I this find equally as disturbing as the fact that the passwords weren't even hashed. Seriously people SQL Injection? It's 2012...