I don't understand why some websites set a limit on the length of passwords, since the passwords are supposed to be stored as salted hashes (of the same finite size).
That is a good point. It must be a sign that they don't store it as salted hashes! :D On the other hand, a password for a web service need not be as complex as a file encryption pass, since they can stop brute force pretty easily.