This is really important, but why should we have to evangelise this to fellow Steemians? Steemit Inc is actually being **negligent** on this by providing a loaded footgun to users.
When you design a user experience, you should design it in a way that discourages insecure practices. There is a proverb that goes "you can lead a horse to water, but you can't make it drink." A corollary is, "you can't prevent a suicidal horse from dehydrating itself, but you _can_ make it wait by the river until it dies."
The fact that the Condenser application even _allows_ logging in with the master password is negligent as hell. When generating their accounts, new users should be instructed to write their master passwords down and _never_ use them again... and if they try, _it shouldn't work._ Extra points for forcing them through the password reset workflow after detecting the activity.
Crypto can't go mainstream until we make the necessary security practices understandable to Average Joe. We need to expect as little of Joe as possible. We need to assume that he's not only stupid, but _actively_ acting against his own interests, because social engineering makes that not only possible, but probable; not only probable, but **inevitable**.
Then, we need to do what we can to empower him (in a manner as _brain-numbingly simple as possible_) to protect himself from himself.
I may make this into a post later. Without cooperation from Steemit and a massive security awareness campaign, an extremely large portion of the Steem userbase, possibly even a majority, is headed for complete disaster. **We are one keylogger epidemic away from a mass extinction event.**