Do a search on "passing the hash" and let me know if that changes your mind. Often times corporate security policies have people change their passwords not because they could be cracked, but because changing passwords will cause problems if a person's hash has been stolen. It limits the amount of time that an attacker has unrestricted access with those credentials.

Bill