by lowe 5183 days ago
It certainly needs more tweaking. FJ, FJFJ, etc. isn't in any of the 10k passwords people commonly use, isn't a sequence, isn't a single repeated character, etc., so zxcvbn recognizes it as bruteforce.

A fun extension would be to recognize repeated chunks in addition to single characters.


One thing would be to try to measure entropy in a different way, e.g. run gzip on it. Right now FJFJFJFJ has the same entropy as FJGJFJGJ.
That's a great idea. More generally, whatever the approach, I agree zxcvbn would be better with a more conservative rating for non-pattern-matched regions.
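
The repeated-chunk extension discussed in this thread, as an added example that is not part of the original comments and not zxcvbn's own code. All function names are hypothetical; the character-class brute-force estimate and the scoring of a repeat as the unit's bits plus log2 of the repeat count are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not zxcvbn's API.

// Shortest unit whose repetition reproduces `s` exactly, or null.
function repeatedUnit(s) {
  for (let len = 1; len <= s.length / 2; len++) {
    if (s.length % len !== 0) continue;
    const unit = s.slice(0, len);
    if (unit.repeat(s.length / len) === s) return unit;
  }
  return null;
}

// Longest region of the password that is one chunk repeated 2+ times.
function longestRepeat(password) {
  let best = null;
  for (let i = 0; i < password.length; i++) {
    for (let j = password.length; j - i >= 2; j--) {
      const token = password.slice(i, j);
      const unit = repeatedUnit(token);
      if (!unit) continue;
      if (!best || token.length > best.token.length) {
        best = { i, j: j - 1, token, unit, count: token.length / unit.length };
      }
      break; // longest repeat starting at i has been found
    }
  }
  return best;
}

// Assumed brute-force model: length * log2(size of character classes used).
function bruteForceBits(s) {
  let card = 0;
  if (/[a-z]/.test(s)) card += 26;
  if (/[A-Z]/.test(s)) card += 26;
  if (/[0-9]/.test(s)) card += 10;
  if (/[^a-zA-Z0-9]/.test(s)) card += 33;
  return s.length * Math.log2(card);
}

// Repeat-aware estimate: guess the unit once, then guess how often it repeats.
// Characters outside the repeated region are still rated as brute force.
function estimateBits(password) {
  const m = longestRepeat(password);
  if (!m) return bruteForceBits(password);
  const rest = password.slice(0, m.i) + password.slice(m.j + 1);
  return bruteForceBits(m.unit) + Math.log2(m.count) +
         (rest ? bruteForceBits(rest) : 0);
}
```

Under these assumptions FJFJFJFJ drops from about 37.6 bits (pure brute force) to about 11.4, and FJGJFJGJ to about 19.8, so the two strings no longer receive the same rating.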