I think people have different ideas about what is secure - my hospital made it a royal pain to log onto their system with incomprehensible passwords x 2 and logging onto their remote serve who then used CITRIX to log onto the other server - what it succeded in doing was making it so I never logged on and would let my documents requiring signatures really stack up (which when I signed and 100 of them printed at medical records made them really crabby).
I think the 2 passwords required at Logmein is great - feel like fear of some HIPAA police make people paranoid. I also think there are too many "experts" on HIPAA - some don't really have a clue.
