Question new form validation rule

Looking at this, I think it would be great to have - but as a third-party addin, rather than in core. Part being that it relies on a third-party service and also, while they've done a good job a trying to minimize the security risk, there is still some that a developer/company would need to evaluate for their own uses.

That said, I think the concept of adding a wrapper to that and making it a validation rule is awesome, and something I'd definitely considering using. I've already got a similar password check built into the auth library that I'm working on, though the dataset is much smaller (only 600,000 passwords) and not kept up to date.

I understand your argument that because it is a third-party service building it in the core might not be the right location for it.
2nd part of it I wouldn't 100% agree with "there is still some that a developer/company would need to evaluate for their own uses", because they still have the option to use it or not by adding the validation rule or not. If they don't add the validation rule I don't see how this would be a possible security risk (You could also add a warning in docs that it uses a third-party service).

Currently seems mixed, making a PR for core or not. Not sure what to do yet.