A couple things come to mind. First, if someone reused a password then a much more serious security breach could occur somewhere else. If it can be shown that the password was obtained via the breach in security here then that could mean that The Perl Foundation could end up involved in a lawsuit. Contacting The Perl Foundation lawyers would be a prudent first step in finding out what the best approach to take is. Keep in mind that some users have not been on in a long time and we may not have a current email address they can be contacted with. There is a lot of opportunity for mischief or worse. Update2: Not to mention that the breach occured over two months ago so damage may already have been done. Update 3 (2009-08-10): And the hackers specifically stated that some Monks reuse passwords which indicates other accounts have been compromised.
And then there is the question of what, if any, legal obligations there are. Maybe there are not any but e.g. we know California has much stronger disclosure laws than most states, so maybe there are.
It's a combination of curiosity (both in general and because I am one of the people affected by this) and a desire to find out if steps are being taken to reduce future legal risk (or at least raise the question so that someone in a position of authority does ask).