1. The biggest negative is that there are no positives: as TimMontague already pointed out, you might as well just use phrase + password as your password. To anyone who knows about this site, the output is no more secure than the input.
2. The cipher used is laughably weak. Given a sufficiently large output string (and sufficiently large is not large at all), it's trivial to brute-force the seed used to generate the substitution chart and determine the input password.
In my mind, it's just a way to come up with "hard to guess, but easy to remember" passwords.