This is of course not the case, when a password database is lost and when an obsolete encryption algorithm like DES is used, users can not share blame.
Well, that really does not make much of a difference when you expose the entire database table and have way too much faith in the 34 year old encryption algorithm reported to be used to safeguard the data.