There are some good counters to this, though. A common variation on a dictionary attack will get the second in about 9 days (still longer than brute forcing the complex password), but will never solve the first.
Well, yeah, if the guy sets up an attack knowing that you used words with lowercase letters, no numbers, and is so sure of that he's willing to commit his computer to 9 days trying to guess it.... :p
Everyone seems to think they know how to make a secure password, but they end up making passwords that are difficult for humans to remember and easy for machines to crack, as they have fewer bits of entropy.
I'm waiting for the day someone creates a password so complex, they forget it themselves.
I actually get this a lot at my shop, people lock themselves out of their laptops all the time, usually because they make a complex password and can't remember if it's a capital X or >< or whatever, or an obscure hint that they then can't decipher. Got it enough that I separated it from my general boot resolution service and gave it a cheap while-you-wait price, since no matter how good the password is it's a 5 minute hack on a Windows system.