It’s both a feature and a bug (well, a compromise with associated security risk). The feature is as you describe (and probably mitigates a lot of unnecessary account locks). The bug/compromise is that intentional or automated casing to achieve password complexity is a little bit less effective. I think the benefits of the feature outweigh the security risk, but it should also be widely disseminated, and anything dealing with passwords should take this into account.