I can now say from my own experience that you should take password security seriously. Had my Twitter account taken over by what looks like some person in the US. As I've stated in this thread, I had a pretty simple password I used on multiple websites that were basically not very important to me, like registering for a message board I didn't really care about and just wanted to read, or other stuff like newspaper websites (not for paid content). I also had the Chrome message that that info had leaked, but never really bothered to change all those passwords as none of that had any important information in it or was really in use on a daily basis. Twitter was a bit different, but I also only really had that account to be able to read Twitter links people posted and I was following some people, mostly LFC-related. Didn't tweet anything myself and no real personal info in my profile.
Got an e-mail that my password on Twitter had been changed and another one saying that someone had logged in from Washington, US. I immediately checked the e-mail header whether the mails were actually from Twitter or whether they were a phishing attempt, but it turns out the mails were really from Twitter. So, opened Chrome and tried to log in to Twitter, but it said my password was wrong. Thankfully whoever went into my account didn't change my e-mail address (not sure you even can on Twitter), so I was able to reset my password and got my account back. Also nothing nefarious was done to my account, so I'm pretty happy with the outcome. Have now changed all my passwords that weren't safe...