This is a severe understatement. Passwords containing only an equal number characters outside of ASCII, and characters outside of ASCII only all produce equivelent hashes. This is quite rare for ISO 8859-1 encoded text, but I wonder if there are any UTF-8 passwords with no single-octet characters out there on eastern hosts. Hosts with users who use non-latin scripts are extremely vulnurable to birthday attacks.
Disclaimer: My personal httpd is a custom (read: unsecured) Python script I wrote when I was ~13yo running as root on an outdated version of Ubuntu Desktop. And I admit so publicly on the Internet. Question my sanity.