These are really two separate questions. A service provider could replace passwords by requiring you to upload a public key and encrypting a one-time code to it, which you decrypt and give back to the service to log in. This would stop the insane amounts of phishing we see in onionland dead in its tracks, because the only way to compromise an account would be to steal a user's private key. The reason it hasn't been more widely adopted is because it creates a huge barrier to adoption of the service. Something like 80% of SR users don't use PGP. If SR switched to this more secure system, it would be massive headaches and a massive user exodus. But the vast majority of email providers don't offer this feature anyway. You only need to encrypt the body of your message. Why does LE need the account passwords if they have the hard drive in their possession and can read unencrypted emails right off the disk?