Deleting the account prevents collateral damage from using the same password in multiple places. Locking wouldn't solve it, but he could have changed his password to something he doesn't use anywhere else when he abandoned the account. Though, I have to admit, I probably wouldn't think of that (but I never delete accounts on places I don't go anymore, either.)

That's solved by clearing the account's password field when locking it. The absence of a password could even be the flag that indicates an account is locked.

Using the same password for all your online accounts in like using the same key for your house, car, office, bank deposit box, mail box, bike lock, etc, etc, etc and then leaving a copy of the key with every manager of every service and letting unknown third parties by the dozen tool the copies for you. No one in their right mind would consider doing that. I wish people would take a little more conscientious responsibility for their online lives too.

That said, I agree that deleting/locking is a good idea and of course it's quite sad that a place like this where everyone actually does know better was still keeping clear passwords at all. I'm not personally particularly worried about it because I have different passwords for every one of 100+ sites I have accounts. Anyone who doesn’t is inviting disaster. Some hackers don't announce their hacks. Some sites don't report, or even necessarily ever know about, security breaches.

If the 'gods' don't want to delete accounts, then make it such that a 'defunct' account doesn't have a password any more. And for accounts without password, make it so that they can't log in. That's at least better than what there is now.

Also, for 'defunct' accounts, wipe out all the user information (e.g., email address) so that can't be compromised either.

A simple compromise would be to erase (lock-out) passwords when an account is locked (on request or by force). This maintains thread logic and keeps user names from being reused. Even closer to outright deletion would be to hide or delete the personal nodes from the old accounts.

Of course it's easy to come up with this in hindsight but it could still be worth consideration and probably not too hard to implement.

A user can change their settings to remove their user information and then change their password to random themselves. You don't need any special code on the site for this.