If you have an experience that you wish to share, please send it to the editors. It'll boost your karma no end.
Part of Bob's job at the company involved systems management, and the company was very hot on security, so all the passwords were random strings of letters, with no sensible order. It was imperative that the passwords were secure (this involved writing the random passwords down and locking them in big, heavy duty safes).
One day, on a whim, I fed the MUD persona file passwords into Crack as a dictionary (the passwords were stored plaintext) and then ran Crack on our systems password file. A few student accounts came up, but nothing special. I told the students concerned to change their passwords - that was the end of it.
Being the lazy guy I am, I forgot to remove the passwords from the Crack dictionary, and when I posted the next version to USENET, the words went too. It went to the comp.sources.misc moderator, came back over USENET, and eventually wound up at Bob's company. Round trip: ~10,000 miles.
Being a cool kinda student sysadmin dude, Bob ran the new version of Crack when it arrived. When it immediately churned out the root password on his machine, he damn near fainted...
The moral of this story is: never use the same password in two different places, and especially on untrusted systems (like MUDs).