Could we get Brion to also run this tool against future promoted users (have it continuously monitor the bureaucrat log)?
Seems like overkill. If crats simply ask successful candidates to confirm that they have a compliant password *before* sysopping them, then the problem is solved.