by phab 2208 days ago
But I could just ignore/compromise/modify your client and submit whatever I liked to the server.
2 comments

What's the motivation of someone able to do that and interested in doing it?
Primarily to get around arbitrary password rules that do not enhance the security of the password but serve to weaken it, e.g. only use special characters from this list: !@#, or sorry your password is TOO LONG (?!)
That's true, but only to a point. You can actually server-side check username/password equality, and a not overly long list of other unwanted passwords. You just have to check each one.
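The server-side check the last reply describes, written out as an added example (constructed for this page, not code from any participant in the thread). It assumes a short denylist, a minimum length of 8, a byte cap of 4096 that exists only to bound request size, and a hypothetical `client_validated` flag that a tampered client might send; the handler ignores that flag and re-runs every rule itself, and it imposes neither a character whitelist nor a "too long" rule.

```python
import unicodedata

# Constructed denylist standing in for a "not overly long" list of banned
# passwords; a real service would load this from a file of known-bad choices.
DENYLIST = frozenset({
    "password", "123456", "qwerty", "letmein", "welcome", "iloveyou",
})

MIN_LENGTH = 8      # assumed policy value
MAX_BYTES = 4096    # assumed cap to bound memory/CPU per request, not a
                    # usability rule: a 200-character passphrase is fine


def _normalize(text: str) -> str:
    """Fold case and Unicode forms so 'Password' and 'PASSWORD' both hit the list."""
    return unicodedata.normalize("NFKC", text).casefold().strip()


def password_problems(username: str, password: str) -> list[str]:
    """Return every reason the server rejects this password (empty list = accepted).

    Only rules that actually remove weak choices are applied: username/password
    equality and a denylist, each checked against a normalized form.
    """
    problems: list[str] = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if len(password.encode("utf-8")) > MAX_BYTES:
        problems.append("exceeds %d-byte request cap" % MAX_BYTES)
    norm_user = _normalize(username)
    norm_pw = _normalize(password)
    if norm_pw == norm_user:
        problems.append("password equals username")
    if norm_pw in DENYLIST:
        problems.append("password is on the denylist")
    return problems


def handle_registration(request: dict) -> dict:
    """Server-side registration handler.

    Whatever the client claims about its own validation (the hypothetical
    'client_validated' key here) is never consulted; the checks run again.
    """
    username = str(request.get("username", ""))
    password = str(request.get("password", ""))
    problems = password_problems(username, password)
    if problems:
        return {"ok": False, "errors": problems}
    return {"ok": True}


if __name__ == "__main__":
    # Constructed requests, shaped like what a modified client might submit.
    tampered = {"username": "alice", "password": "Alice ", "client_validated": True}
    print(handle_registration(tampered))
    print(handle_registration({"username": "alice",
                               "password": "correct horse battery staple"}))
```

Because the equality and denylist comparisons run on a normalized string, trivial case or whitespace variants of the username do not slip past, while long passphrases and any special characters are accepted.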