Don't get me wrong, I actually love the idea of steemit and all that, having money which equals your reputation, but having an automatically generated password and storing it in a text file for reuse is a bit bothersome for me. Now, imagine there's a security breach in the computer system of a highly reputed user who has the text file stored there: s/he would lose all the money stored in steem!
Although steemit allows you to recover your account using an old password, which can save your account in case of a hack, it will be too late by the time you gain access if the funds are already stolen.
I don't have any idea how the funds are withdrawn, so I could be wrong in saying that a thief can easily steal your funds, but there's a reason why I'm being so scared, actually two:
1- recent DAO hack.
2- now Bitfinex.
I am not concerned about my account getting hacked since it has nothing in it. These hacks adversely affect the market and reputation of a company/currency/etc and I don't want that happening with this beautiful concept!
Enough of the concern and worries, time for a solution:
Like all other money-handling websites (exchanges, banks, etc.), steemit should also include and mandate (if possible) 2FA.
P. S. -
1- Just my opinion, you're free to have yours and point out where I'm wrong.
2- I'm not sure if there's already such an implementation in steemit, but I couldn't find it anywhere.