Most people do the right thing with passwords for financial accounts, but what about all the websites that make them create an account just to read an article? Who really cares if that account gets hacked? Why not just use the same password for all of them? What’s the hacker going to do, read USA Today as them? Who cares?
That is all just normal human behavior. The thing that should scare the hell out of security professionals is how many people view their work access the same way. They don’t care. It’s not their data, it’s just the place where they happen to work, for now. This shows in the low number of people creating strong passwords for their work accounts. (It also shows how making them change those passwords every few months really just backfires.)