It always good practice to have a very strong, non-dictionary-word passwords. However, most of the time, this is not the case, specially for home desktop systems. Whilst this definitely is not a good idea, it is convenient if you know that nobody will be able to access your system remotely. :)
To find out how easy passwords are cracked, try John the Ripper, an open source password cracker. This will allow you to detect if your users are using strong passwords or not. There is no point in having a secure server if one of your users is the weakest link, so to speak.
To installthe Ripper on Ubuntu, just run "sudo apt-get install john", and that should take care of it. Run it, "sudo john /etc/shadow" to start the process.
So, how many user passwords have you cracked?