“How Secure Is My Password?” Strength Meter Open Sourced (github.com/howsecureismypassword)
12 points by shcollider on Jan 15, 2015 | 9 comments



This is significantly more optimistic than Dropbox's zxcvbn [1]:

  Password                   hsimp                zxcvbn
  qwER43@!                   3 days               3 hours
  Tr0ub4dour&3               344 thousand years   22 hours
  correcthorsebatterystaple  A quintillion years  65 years
[1] https://github.com/dropbox/zxcvbn


The plugin is actually based on newer code than the current HSIMP site so it would, for example, detect that "correcthorsebatterystaple" is going to get cracked straight away.

It's also fully customisable how many calculations per second you want to assume a cracker can make. It's set to 10 billion by default, but you could set it to much higher if you wanted.

The boundaries of what counts as "ok" and "good" passwords can also be customised.
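
An added example, not part of the thread and not the plugin's or zxcvbn's own code: a naive character-class brute-force estimate at the 10 billion guesses per second quoted above, showing why a common-password check changes the verdict on "correcthorsebatterystaple". The class sizes, rating thresholds, function names and sample list are assumptions made for illustration.

```javascript
// Constructed sample list; a real deployment would load a published common-password list.
const SAMPLE_COMMON = new Set(["password", "123456", "correcthorsebatterystaple"]);

// Assumed character classes for the naive keyspace model (printable ASCII only).
const CLASSES = [
  { re: /[a-z]/, size: 26 },
  { re: /[A-Z]/, size: 26 },
  { re: /[0-9]/, size: 10 },
  { re: /[^a-zA-Z0-9]/, size: 33 }, // punctuation and space
];

function estimateCrackSeconds(password, opts = {}) {
  const guessesPerSecond = opts.guessesPerSecond ?? 1e10; // default quoted in the thread
  const common = opts.commonPasswords ?? new Set();
  if (password.length === 0) return 0;
  // A listed password falls to the first dictionary pass, whatever its length.
  if (common.has(password.toLowerCase())) return 0;
  // Sum the sizes of every character class that appears in the password.
  const charset = CLASSES.reduce((n, c) => n + (c.re.test(password) ? c.size : 0), 0);
  // Worst case for the attacker: enumerate the whole charset^length keyspace.
  return Math.pow(charset, password.length) / guessesPerSecond;
}

// Assumed, customisable boundaries: "ok" from one year, "good" from a million years.
const YEAR = 86400 * 365;
function classify(seconds, bounds = { ok: YEAR, good: YEAR * 1e6 }) {
  if (seconds >= bounds.good) return "good";
  if (seconds >= bounds.ok) return "ok";
  return "weak";
}

for (const pw of ["qwER43@!", "Tr0ub4dour&3", "correcthorsebatterystaple"]) {
  const naive = estimateCrackSeconds(pw);
  const checked = estimateCrackSeconds(pw, { commonPasswords: SAMPLE_COMMON });
  console.log(pw, "naive:", classify(naive), "with list:", classify(checked));
}
```

The pure keyspace model rewards length alone, which is how a 25-letter lowercase phrase scores as effectively uncrackable until the list lookup runs first.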


How secure is my password? Very weak, if you've ever entered it into a "how secure is my password" website.


The site doesn't actually send passwords anywhere. Having said that, the irony is not lost on me that a site called "How Secure Is My Password?" asks you to type your password into a site which you have no reason to trust. I didn't ever really intend for the site to become popular... but it did. Anyway, hopefully by having it as a plugin directly on websites it will avoid such problems.


I had no intention of accusing this specific website or code of storing your password or sending it back to a server. But using a random "how secure is your password" website is one of the least secure things you can do.


I agree with the general rule; however, checking the dev tools, this site doesn't actually make any calls to a server during or after you've typed your password.


Very cool. What's the source on which passwords are common?


It's from this post: https://xato.net/passwords/more-top-worst-passwords/

Although that's probably a bit out of date now. I might see if there's a newer version.


Any feedback on documentation and general usability would be appreciated. Do file Issues on GitHub if you find anything.



