Virgin Media have subsequently removed the list of "unacceptable" words from the javascript file.
They are still enforced by the server however. As I mentioned yesterday, password security almost pales into insignificance compared to this...
http://ramblingrant.co.uk/virgin-media-youre-only-as-secure-as-your-weakest-link
Only official response (so far) has been "we're not willing to discuss our encryption"