Well it does, if you have javascript off, from the source (page says "If you submit a password in the form below, it will not be anonymised first")

Troy seems to have a fine reputation, but I don't want to trust the crown jewels (my passwords to everything) on Troy's reputation, the security of his site, cloudflare, and random javascript bits hosted in various places.

So sure the design and explanation of the page is that passwords are not uploaded. But since I can't practically verify that myself, I wouldn't upload passwords there. What's worse is even if I could audit every line of code, I couldn't guarantee other people wouldn't get a malicious version of the site.

So generally saying "Sure, type your password into a form on this webpage, I found an explanation that says it's not uploading it." is a very bad idea.

There's similarly plausible pages for things like generating SSL certs (not just CSRs), ssh keys, generating passwords for you, and similar that often have reassuring explanations that their security is just fine.

So generally never put your private key or plaintext password where a random 3rd party might read it. The promise that some anonymization process will be applied should not be enough to get you to risk it.

This reminds me of: http://bash.org/?244321