How do you test the rules about passwords containing at least one uppercase letter, one number and one special character if you don’t test with passwords that definitely do not contain those characters?
I don't think it's a bad or good idea, it depends. In that case they were harmless. For comparison, some people shared passwords on Slack and email in plain text.