Maybe Marriott should have a zero-liability opt-in. You can use the non-secure single authentication if you want, but you agree to hold Marriott harmless from any liability for a hack.
The people kvetching here will be the first to rant when they lose something.