The purpose of this library is for the developers be able to easily and confidently define password rules for their application. I know rules which try to limit a password's length or impose other non-scientific restrictions are not good for security, but the library doesn't judge.