Rainbow tables are a whole unrelated beast though. They're used when someone already has the hash for your password (usually by hacking into the website/game's database, like what happened on the Steam forums), and they're trying to get the plain-text password back. In that case, if they already have a rainbow table, it doesn't matter how secure your password was. If they don't already have one, then having a secure password has bought you more time. That said, hackers getting access to the DB of passwords is relatively uncommon, and such an intrusion is usually discovered very quickly.
If we want to talk about where most passwords get stolen, I'd say it's a combination of two things: one is scam sites (for example, sites that claim to sell gold), and the other is key-loggers (spyware that, once on your computer, records every keystroke and sends the info back to the account thief). If you type your password somewhere you oughtn't, or let your computer be infected by spyware, then how secure your password is no longer matters in the slightest.