Yeah, exactly. When I see a Facebook login, what I parse is "this site decided that it was a better idea to leave security to the professionals rather than hack something together. A secondary benefit is that I get to get through this signup in 20 seconds than 3 minutes."
When I see a dodgy username and password form, what I parse is "I can't wait for them to email me back my password in plaintext, and then store it without a one-way hash."
Why do you think Facebook security is security by professionals? I fully expect that Microsoft and Google have a stronger set of security experts working on their various authentication and encryption methods.
They actually have pretty broken security practices from what I've heard. Their security review before pushing live features is definitely as not as strong as Microsoft (I can't really say for Google, I don't know what their security review is like). Check out the Facebook Chat for an example.
When I see a dodgy username and password form, what I parse is "I can't wait for them to email me back my password in plaintext, and then store it without a one-way hash."