I actually had a problem with this at a web dev job I did, where I wanted a JS entropy estimator and coded one in maybe half an hour (though it was a bit of unexpected time to debug it). Mine was considerably simpler than the above and would basically use lg(character class size) * length, but would notice when you switched character classes, too. So it was expecting, for example, numbers at the end of the file and would only reward you entropy(letters) + entropy(numbers).
It was at least a disaster when it hit the management who were doubling at the time as user testing -- "this should be a secure password and it's not!" applied to passwords which didn't sound very secure at the time. This was fixed by reducing the entropy bounds to be regarded as "safe" or not. (The result was that "password1" became a "strong" password, if memory serves me correctly.)
Before that, I got another interesting gripe from one of my dev colleagues: "'aaaaaaaaaa' [10 a's] is not secure, but 'aaaaaaaaaaa' [11 a's] is, wtf?!". I was reluctant to do anything more complicated as a waste of my time but there is a reasonable expectation that if you do something like this, you do it very well.
It was at least a disaster when it hit the management who were doubling at the time as user testing -- "this should be a secure password and it's not!" applied to passwords which didn't sound very secure at the time. This was fixed by reducing the entropy bounds to be regarded as "safe" or not. (The result was that "password1" became a "strong" password, if memory serves me correctly.)
Before that, I got another interesting gripe from one of my dev colleagues: "'aaaaaaaaaa' [10 a's] is not secure, but 'aaaaaaaaaaa' [11 a's] is, wtf?!". I was reluctant to do anything more complicated as a waste of my time but there is a reasonable expectation that if you do something like this, you do it very well.