I don’t think that means it cannot be leaked

Passwords should be paired with a second factor, preferably biometric, said Gunner, because it’s the most difficult for hackers to bypass.

I think this is a pretty naive risk analysis. Hackers cracking my lemmy password is the least of my concerns. Having my biometric data leaked is one of my highest ones.