Lies, I understand what you're saying. But, what I mean when I say 'I don't feel it's necessary to worry about it' ... is IF there's no harm with your OWN info.
Some incidences DO indeed happen where people's info is stolen and NEVER used. I don't think it's cause for concern UNLESS your info is stolen and used for other reasons than what it is originally there for, as that's when it becomes dangerous. You know, to say that NO ONE can find out anything about someone is absolutely false ... just look in a phone book and there's your name, home address and phone number for anyone to know.
Once your address and phone number is found out, it seems there's ways to find out everything else, IF someone really wanted to. (such as SS#, Drivers Lic #, account info, etc.) And, it doesn't matter that sites are secure ... although, it does make it alot harder to find out personal info ... it's not completely impossible.
Maybe that's why I think changing password info is not as necessary, UNLESS it would be found out. Sometimes when info has not been refreshed in some systems, it does NOT resurface as easily. And by resurface, I mean sometimes it is NOT obtainable to find as quick as info that is more currently accessed.
I think the shorter charactered passwords are indeed harder to master trying to crack. Usually, 2 characters is NOT as easy as say 8 or more. Only because the more info you feed into a site/program, the more likely that info can be exposed faster than smaller amounts. I say this because a computer's job is to obtain info AND the more info it has ... the easier it is for a site/program to obtain.