I saw a TechDirt story on TechMeme this morning about a bank in the U.K. that changed one of its members' passwords -- because his original password "Lloyds is pants" was insulting to the bank. Wow. They changed it to "no it's not" and also prevented him from changing his password to both "Barclays is better" and "censorship".
This wasn't a password that you type in. It was a verbal passphrase you have to give the account rep over the phone, but how is a customer going to know what his phrase got changed to until he calls and finds himself giving the wrong password?
A few years ago when I was having trouble with my cable company I remember setting my password to "morons". I was having to type it in over and over as they were missing installation appointments and really dropping the ball, so it was an easy one to remember. Imagine if they had seen my insulting password and changed it. It would have the situation so much worse. Now imagine it was your banking password that got changed without your knowledge. Not good.