<edit>
After some thinking I've got your point that you are only defending the encryption method itself. There are also some flaws in the reasoning you provide to which I do not agree, but maybe this is for a another discussion.
To resume, my point is that although in a perfect scenario it is infeasible to break 256-bit encryption on a purely theoretical level, the specific case of stolen Steam account information has a high chance (e.g. bigger than 50%) of being revealed to third party, even though it *might* have used 256-bit encryption to secure its data.
Bookmarks