#10 - Sept. 25, 2010, 11:09 p.m.
Certain (though not all) special characters are allowed, Ratfink. You can see the password rules here:
Changing a Battle.net Password
http://us.blizzard.com/support/article/25901
If you scroll down and take a look at the screenshot, there's a list of Password rules there. They include:
Password Rules
* Your password may only contain alphabetic characters (A–Z), numeric characters (0–9), and punctuation (!"#$%).
* Your password must contain at least one alphabetic character and one numeric character.
* You cannot enter your account name as your password.
* Your password must be between eight and sixteen characters in length.
* For your security, we highly recommend you choose a unique password that you don’t use for any other online account.
I can assure you that at Blizzard, we have
not been hacked. If that situation ever arises, we will absolutely inform our players - it is required of us to do so.
There's a variety of ways that a password can be obtained. Some of the most common are phishing attempts, both in game and via e-mail. Others can be malware, as you've suggested - you may also want to run those scans with your World of Warcraft launcher open and try typing some gibberish into the name and password entry fields.
You might also benefit from reviewing our Battle.net Account Security Awareness site - there's some helpful tips on how to keep your system secure as well as information on how most accounts are commonly compromised.
Battle.net Account Security Awareness
http://us.battle.net/security/