I wasn't saying passwords and websites are the same (I'm not even sure what that means) but was pointing out that saying it's fine to throw random stuff at a webserver would mean that it's fine to repeatedly throw user/pass combinations at a webserver.