The corollary of this is that, as a user, you need to do your best do ensure that when your account is broken into, that it doesn’t matter to you either.
To get there though, we need better email hiding (Apple’s Hide My Email is great for this, you can get unlimited randomly-generated @icloud.com addresss that forward to your real one) and for sites to not actually need your real name or personal information.
If done right, if randosite.com gets all emails and (even if plain-text) passwords leaked, it wouldn’t matter because only Apple can tie the email to my account, and the password would only be good on that site anyway.
If a website actually needs my real address and name for billing information, that’s another matter maybe, but even then who really cares? The existence of my home address and name doesn’t much matter if they can’t tie it to any other online identities. My address is in the phone book too… it doesn’t really give anybody new information.
