The password has to be between 5 and 8 characters, and valid characters are a-z, A-Z, 0-9 and _ (underscore).
With your username and password you can access your personal information, your e-mail, buy music, videos and lots of stuff and have it all on you internet bill.
Having this bad password policy goes against all recommendations nowadays and I think they really should consider changing it. Of course I am aware of that they will have less consumer support of people forgetting their password and things like that, but as a customer - should I feel safe? Guess not!
Worht mentioning is that a few months ago they sent out a flyer using regular mail with some information on their new online music shop. The flyer was a folded paper with a small piece of tape holding it folded. The flyer contained your username and password easily visible by just opening the corner of the flyer!