There are two kinds of ugly hacks: 1) zillions of users affected, 2) WordPress or some other setup gets done, so zillions of MY passwords are affected. Of course, sometimes 1P knows and notifies us that a vulnerability in a site is detected. OK, 1P, go fix all of them, so I don't have to. I create and store all of my passwords using 1P, so 1P knows when my passwords were created and modified, etc. and for whom. I could even say "just tell me, afterwards", and we're done.