My pet hate is web sites (usually e-commerce sites) which use a "don't allow paste" command on their password input field (or other fields, for that matter). To my mind, this is detrimental to legitimate users (who are thereby being forced to use a password which is weak enough to be feasible to remember, and to type manually, instead of being copy-and-pasted from a password repository, as I prefer) while doing absolutely nothing for site security. (If i were trying to crack a site, using a buffer-overflow attack or the like, I wouldn't be dumb enough to allow my custom client to honour "no paste" requests.
)
Fortunately, this dubious behaviour can be overridden by using Firefox with the appropriate plugin; but it's a dumb idea nonetheless.