On that note, non-printing characters should be allowed as part of a password. E.g. "12345" is a bad password. But why shouldn't we be able to use "12356[backspace][backspace]45"?
How do you enter those non-printing characters? Even some printing characters (such as [enter] or [tab]) are a beast to enter in a web form ([tab] goes to the next field; [enter] submits the form). How should the field know if a particular [backspace] is you correcting a previously entered character or part of your password? BTW, my favorite non-printing character is \0 as it messes up most string functions.