As for how you validate it recreated the password - you use it. If it works, it did it right. If it doesn't, it didn't.

How does the Armory client know you typed in the right password?

Right, but that's because Armory has a way to validate it: it can try to decrypt your wallet. Since you're not sending the Armory developers your wallet or your private key, they don't have the ability to test to see if this is the right password and this tool would likely never actually work since they would/could just send you the first password they came up with and if it works it works, if it doesn't it doesn't. Their answer seems to indicate that, given a weak enough password and you remembering enough of it for them to work from, they can send you a password that has a very reasonable chance of working and they might (they haven't said this so I don't know) have the ability to know when the recreation process succeeded or failed.
Don't get me wrong, I'm not trying to be a dick here at all and I certainly understand how brute force works. But what bothers me most is that they can have some certainty that the generation process worked. Unless I am completely misunderstanding how things work (and I may be, so feel free to correct me if I am) they shouldn't be able to do that without testing the password against a private key (which they don't and should not have).