True story from my sys admin days.
It was a Netware 3.12 shop (yes!) and I thought it would be a good idea to scan for vulnerable user passwords. I bought and installed a commercial password-cracker tool for admins, and watched it run. Maybe 20% of our users had pretty bad passwords: MyFirstName123, obvious dates like birthdays, that sort of thing. I got in touch with each such user individually and counseled them to pick something more resistant. One of them was really surprised though.
She was from a village in India, a place so small nobody even really has last names. And she used her uncle's single given name as her password, telling me later that it seemed like something nobody here in the U.S. would ever guess. She was half right: none of the humans knew that name, but our cracker's dictionary attack sure did!
So your point is right on: it's not that the imaginary cracker would know this woman's uncle's name--but the cracker wouldn't be too far off in guessing that perhaps someone was using that name for a password.