The reality is the password guesser has a string of 29 characters.
Actually, not even that. It would be hashed as a fixed length (256 bits usually).
Again, most of what I was saying was just for the sake of an example to show that under the right circumstances the length of a password doesn’t dictate its security. Even if it’s an extreme, security is only as strong as its weakest link. I’m not denying that it can be unrealistic, and I’m not saying it’s insecure (hence the “grain of salt” section that addressed all of your points), I’m just showing how it could be possible.