Re: 20 billion guesses per second
Since the site the password database has been taken from might not notice for 24 hours. And then another day or two for word to get round that the database has been compromised. And then another for people to realise that they reused that password (with the same email/username) on three other sites, and another to get round to changing it on those other sites - well, the rig doesn't need to be that fast.
personally I try to vary the email address used on each website (aliases even if not set up under your own domain are so easy to get).