Wouldn't it be good if all applications and websites let you know this? Because it's true for almost all.
Password storage is where many companies do not do all the right things, and do not do all the things right. There are many ways to mess it up and you only need one miss to enable someone who can steal the data to know all the passwords their users use. It doesn't have to be that way.
And it doesn't have to matter as much. There are two things you can add to password security to make it... acceptable. A password manager and a second factor.
Password managers make it easy to have a different password on every site, one that is virtually impossible to guess. 1Password, LastPass, Bitwarden or KeePass. Any is better than none.
As for a second factor, it's up to the sites you go to to offer this as an option. They will offer to send you a code when you try to log in, or synchronize in advance with an app like Google Authenticator. There can be some issues with any of these, especially text messaging. But like with password managers, any is better than none. If you have this as an option anywhere, take it. If it's not offered on a site you use, switch to one that offers it.