Definitely true, Eka. The thing to remember is, that nature’s rules also apply here. Anyone attempting to gain something from you (like account details) are likely to take the path of least resistance.
What is true for business can, to a lesser extent, be true elsewhere. Small businesses (fewer than 250 employees) are becoming increasingly popular targets amongst cybercriminals (source source). The recent compromise of Target's Point-Of-Sale (POS) systems is the perfect example of this. According to this, Target's systems were compromised using credentials belonging to a third party. It is therefore reasonable to assume that it was easier for the attackers to gain access to this third party company, and utilise their unrestricted access to Target's systems as a means of entry. This isn't the first time a smaller company has been used to take down a larger one, and it certainly won't be the last. As I mentioned above, the path of least resistance is to take the easiest road to accomplish your objective. If your objective was to hack Target, than apparently the easiest road to do that was to compromise the systems of the HVAC company they hired to monitor the temperatures inside their store. Why that company had unrestricted access to Target's payment systems is something you'll have to ask them. :P
The point I'm trying to make, is that while it's definitely a good idea to make sure everything of value has a unique set of login credentials, it's also a good idea to maintain some measure of protection even on the most basic of websites. You'd be surprised how much damage can be done by compromising a supposedly small website. By this I mean that if you know the website is throwaway, use a temporary email address and/or password, that way potential attackers cannot gain any information from a breach of these smaller and less well-defended websites.
Cheers.
-Trony-