I tried registering today and accidentally found that the password requirement validator on Broadcom's registration form has EVEN MORE "quirks" than you already presented. Apparently, the "Should not have three or more consecutive characters that match any portion of the user email address" requirement on their website is checked by generating a regex without escaping user input and validating with that. The form disappears as soon as you start inputting a password...