"For example, you could treat a password as a sub-type of string. But strings as commonly understood almost universally support the concept of truncation. But if you truncate a password horrible security repercussions result. So why would you want to treat it like a string at all?"
You got it the wrong way round. Strings [a concatenation of bytes] can support truncation but don't have to.