The passwords are not encrypted, they are hashed. The difference being that an encrypted password can be “reversed” using a key. A hash CAN NOT BE reversed.
The point is Google qualified their statement and with the parsing lessons I received from Bill Clinton via the MSM, I find that suspect.
If someone has the password hash for a user ID they can guess, encrypt and compare until they find the right combination of characters. There is software available on the Internet that will do this very quickly.
In the PAST computing power wasn't sophisticated enough to make this very practical but NOW, with modest hardware ( couple of decent video cards in a quad-core box ) you can guess about 2 billion passwords a SECOND. If one is willing to invest about $15K in a machine with a lot of video cards in it, it is possible to guess the entire 8 character (upper and lower case letters, numbers and special characters) in about 4 hours.
If you recall when LinkedIn users were told to change their passwords because a password store had been leaked, most decent password crackers had nearly that entire set of passwords decrypted in about a week.
If you want to be MORE secure with the use of a password go up to 12 characters (mixed case, numbers, special characters, etc.).
In short, passwords as they're typically "selected" today are not a good way to secure anything.