Well, exactly that is the reason why we should adopt something like OpenID. Of course, if someone catches the password of your OpenID provider, you are also fucked. But all OpenID consumers (i.e. any random site) will not get it that way. Also, you can easily globally change your password for just everything if you know that your old one has become insecure.
