I think people recommend that in case of ransomware, which is most of the time the only chance of getting the data back (helping the ransonware market thrive, and with the risk of not getting data back anyway).

Never saw anyone suggest paying for avoiding password leaks