The problem is when a website or company you use gets hacked and all the password hashes stolen. If you have a weak password then it is likely they will learn what your password is. This then lets them log into your account on other websites (like paypal) if you have used the same password.
By mixing the password up, and not using words out the dictionary, or years, then it is close to imposible for them to work out your password from the stored hash.
Totally different to credit cards, you cant try 1 million pins per second at the bottle shop when you are trying to buy grog on a card you found.
