There are 2 reasons why databases are insecure , firstly the users say "its not my responsibility I don't get paid to do that", secondly in the case of passwords , websites and databases are insecure simply because if it was possible to make a password 1 million digits long it would still get cracked/hacked , not by a person , but by a machine with specialist software.
17 years ago I got my first virus within 10 minutes of turning my first ever pc on. I let in and updated quicktime and several other things , the shop told me pre-installed software would auto update so don't panic.
Then it happened , 10 minutes in I went onto web for first time and a box came up and it said "you need to grant GATOR permission to access the internet. Not suspecting anything wrong I granted permission and then the sticky brown stuff hit the fan. It turned out that at that time something called GATOR was the yellow pages of spyware ….. ouch !
All those years ago there were not many threats to be wary of , I would hate to thing I was buying my first pc today.