Sorry, it is not complicated, and I understand it quite well.

The "no special character" allowed concept was a kludge to protect against flaws in SQL and CGI used under web servers.

Instead the security issues should just be fixed correctly, and almost certainly they already are. But they still have the crude screens in place to protect a system that no longer exists.

I am more confident with a site that allows (or requires) special characters in passwords as I assume they tend to take security a bit more serious.