Users use the same passwords for multiple services. It’s a fact of life, it’s just so easy to that most people end up having 2-3 passwords they use everywhere, including one “hard” one for financial sites, etc. The downside is your password is only strong as the weakest link of where you’ve used it — when something like the Gawker hack happens there is a huge wave of compromised accounts that follow.
You can ask users not to use the same password, you can even encourage things like 1password (too expensive for many people I recommend it to), but what if there was a way to enforce that people registering for your site hadn’t used the same password elsewhere?
It actually wouldn’t be too hard, if you’re registering with email@example.com and the password “abc” when you register and the site hasn’t encrypted and stored the password yet it could try to log into your Gmail account with those details, and if it works force you to choose a different password. There’s no reason this has to be limited to email logins, you could put it against the APIs of WordPress.com, Twitter, Facebook, LinkedIn, any number of other services that expose simple authentication APIs and see where it works. Any successful logins, tell the user they need to pick something else.
Of course all that work and they’ll probably just put a 1 at the end of it.