Passwords which may be passed via HTTP basic auth (as "<username>:<password>") shouldn't contain a colon. Although it should work according to corresponding RFC, a colon in password causes problems in some servers (Cortex at minimum).
Therefore, we only allow letters and numbers in most of the automatically generated passwords.