After writing this, admittedly, "tinfoil hat award" post, a friend pointed me to something much more nefarious than password generation sites: password checking sites.

For example, http://www.microsoft.com/protect/yourself/password/checker.mspx

Yes, Microsoft invites you to submit your password for automated review over an insecure HTTP connection (you are at a coffee shop using open Wifi, right?).

Think about it. Microsoft. You. Your password. Your IP, Microsoft site cookies...

Who's the paranoid freak, now?