Ok, your reply makes a lot of sense. However, the problem is that as users get more "hats" they are usually more afraid of losing them :-) and would probably like to have an option to protect from attackers (I don't really know but I hope that people with some extra flags are trying to have a secure password at least).
Not a bad aim - I didn't intend to be outright discouraging :)
The account is getting more valuable and, for example, the account of some stewards might be a good target for hackers.
Yes; Steward accounts are a whole different matter - I'd say they have a much higher level of risk if compromised.
The question is how these people can defend themselves when the philosophy is "we don't need strong security because user accounts aren't valuable / can't do much damage to site" - when their account is compromised, they will surely have the flags revoked permanently, that's likely not what they want. So at some point, having more security measures which could be opt-in for people who do care about their account, as opposed to people whose account isn't interesting for hackers, would make some point too. Given that there are thousands of sysops on big projects, I guess they would welcome having this feature. (Not that I care, personally, I was just interested in implementing that in MediaWiki)
As above; not a bad aim.
One good idea would be to enforce some sort of minimum password standard - that can help with brute force attack vectors.
Tom