[RicoElectrico]

Bad design, this seems to be part of many legacy systems. People tended to make bespoke textual formats, instead of, how we do now, using properly escaped serialization like JSON. And because they couldn't bother making a robust parser with escaping, they went the lazy route of just disallowing characters with special meaning.

[tgv]

They just don't know how to get text unscrambled from a browser or an app's text box in server memory. That always makes me think they don't understand the design of what they're using, so they just forbid certain characters.

When they forbid backslashes and quotes, it's even better: someone didn't know how to use query parameters or escape database values. It's a sign that their software is as secure as a "watch out for the dog" sign.

[bombcar]

This is exactly it. Something somewhere broke on someone's password (think Bobby Tables) and so they forbid the character that done caused it.