On the Second Life blog you can read the question "Is your password secure", followed by some hints on how to make a good password choice, on not using the same password everywhere, and so on.
But the real question is: why does Second Life still not support OpenID? And why is the SLim-Client not authenticating via OAuth? This would actually make the additional password you have to set up with Vivox unnecessary; OAuth could be built directly into the SLim-Client. One password less to remember.
Additionally: back then we learned that they are using MD5 at least for the credit card hash, and they are probably also using it for password hashes (judging from the Open Grid Protocol docs). MD5 should be assumed to be broken, though, so I wonder if they have upgraded to a better algorithm like SHA1.
I also hope that all their staff have good and secure passwords, because you can do much more harm in god mode, which might have been what happened to Twitter.