Re: Similar problem
If a site has a maximum on password strength, assume that it is being stored in the clear. There is literally no other reason I can imaging for doing that.
If it has "illegal characters", it means that they are executing the string in some environment.
I trust that you will use this information only for good. I'm pretty sure 80% of script kiddles already know this. I am certain that 100% of active hackers of any color know it.