What I'm left wondering is why someone should need a username and password to comment on a blog post on their sites. Do they have a reputation system? Does it really prevent spam? Or is it just to gather a list of email addresses that they might sell later? There must be a better way to accomplish the little functionality that their login requirement provides. Especially now that they have to deal with the fact that their login system was not secure.
There are two primary reasons to require logins:
1) A registration system with a captcha is highly-effective at preventing spam on your blog comments or forum posts.
2) To a greater or lesser degree, it prevents people from impersonating you. Sure there are ways to trick this (create a username that's one lookalike character off, etc.) but on the whole it makes it easier to recognize who you're talking to.