> 16 character max for a decade is a juicy rainbow table for the small cost of a few petabytes

Surely the kdf is salted and not prone to rainbow table attack? If it is, that's a flaw on its own - and much more serious than a 16 character limit?

log2((2*26+10+10)^16) ~98bits of entropy - that's nothing to sneeze at?