What really worries me is that the attackers claim that the passwords were stored UNENCRYPTED. We tell each and every wannabe-coder to salt and encrypt passwords, and the perlmonks code doesn't? If that is true, the monastery has a really big problem, and just changing our passwords once or twice, as advised in It's Time for Everyone to Change Passwords!, is just trying to cure the symptoms.
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)