
Enforcing password strength makes sense for a site which stores sensitive data. That said, some simple math suggests that length, not character complexity, should be required.

http://security.stackexchange.com/questions/6095/xkcd-936-sh...



I wonder if there are any sites that simply forbid passwords that are known to exist in rainbow tables.


I'd assume that's what they're talking about with the 'use blacklist'. It'd be easy enough to occasionally repopulate it with "obvious" or known-compromised passwords that turn up.

Likewise, I assume they're keeping that list semi-secure to avoid black-hats/kiddies getting their hands on a list of really good passwords to throw into their cracking engine ruleset.
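Added example, not part of the thread or of any site's actual policy: a sketch of the two ideas discussed above, comparing brute-force search space for length versus character complexity and rejecting passwords that reduce to a blocklisted entry. The blocklist contents, the 12-character minimum, the substitution table and all function names are assumptions made for illustration.

```python
import math

# Constructed sample blocklist; a real deployment would load a much larger
# set of known-compromised passwords.
SAMPLE_BLOCKLIST = {"password", "letmein", "qwerty", "correcthorsebatterystaple"}

# Common character substitutions undone before the blocklist lookup (assumed table).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def search_space_bits(alphabet_size: int, length: int) -> float:
    """Bits of brute-force work, valid only for a uniformly random string."""
    return length * math.log2(alphabet_size)


def normalize(password: str) -> str:
    """Reduce trivial variants of a listed password to one lookup key."""
    core = password.lower().rstrip("0123456789!?.#*")  # drop appended digits/symbols
    return core.translate(LEET).replace(" ", "")


def check_password(password, blocklist=SAMPLE_BLOCKLIST, min_length=12):
    """Return a list of policy problems; an empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    # No composition rules: only length and the blocklist are enforced.
    if normalize(password) in blocklist or password.lower() in blocklist:
        problems.append("blocklisted")
    return problems


if __name__ == "__main__":
    # 8 characters from 95 printable ASCII vs 16 lowercase letters.
    print(f"8 mixed chars : {search_space_bits(95, 8):.1f} bits")
    print(f"16 lowercase  : {search_space_bits(26, 16):.1f} bits")
    for candidate in ("P@ssw0rd1!", "Correct Horse Battery Staple",
                      "unrelated lowercase phrase ok"):
        print(repr(candidate), check_password(candidate) or "accepted")
```

The bit counts describe randomly generated strings only; a human-chosen password of the same length can be far weaker, which is the gap the blocklist check covers.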



