
If you only have three attempts to enter a password, even most dictionary words are secure. The problem is when the unexpected happens, and someone finds a way around that restriction. In the worst case that might mean getting a hold of a copy of password hashes. Or it might just be an exploit that lets them try more combinations over the internet. Regardless, just because there are other safeguards in place doesn't mean that password strength should be ignored.

As far as why exactly six alphanumeric characters is bad, it should be obvious, but it significantly reduces the difficulty of brute-forcing. You have 2B possibilities, total, not even taking into account dictionary attacks, which also become far easier.
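Added example, not part of the original comment: the comment's two scenarios (a three-attempt online limit versus leaked hashes) worked through for a six-character policy, plus the length a policy would need to hold up offline. Assumptions: a 36-symbol case-insensitive alphabet (inferred from the "2B" figure) and an illustrative offline rate of 1e9 guesses per second; all function names are hypothetical.

```python
import math
import string

# Assumed figures for illustration only; the rate is not from the comment.
OFFLINE_GUESSES_PER_SEC = 1e9   # assumed rate against a fast, unsalted hash
ONLINE_ATTEMPTS = 3             # the "three attempts" limit from the comment

# Assumption: case-insensitive alphanumerics, 36 symbols (36**6 is about 2.18e9).
ALNUM = string.ascii_lowercase + string.digits


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length


def online_success_probability(space, attempts=ONLINE_ATTEMPTS):
    """Chance a uniformly random password is guessed before lockout."""
    return min(1.0, attempts / space)


def offline_seconds_to_exhaust(space, rate=OFFLINE_GUESSES_PER_SEC):
    """Worst-case time to try every candidate once hashes have leaked."""
    return space / rate


def min_length_for(alphabet_size, target_seconds, rate=OFFLINE_GUESSES_PER_SEC):
    """Shortest length whose full keyspace lasts `target_seconds` offline."""
    needed = target_seconds * rate
    length = max(1, math.ceil(math.log(needed, alphabet_size)))
    # Correct for floating-point rounding in the logarithm.
    while keyspace(alphabet_size, length) < needed:
        length += 1
    while length > 1 and keyspace(alphabet_size, length - 1) >= needed:
        length -= 1
    return length


if __name__ == "__main__":
    space = keyspace(len(ALNUM), 6)
    ten_years = 10 * 365 * 86400
    print(f"keyspace for 6 chars:      {space:,}")
    print(f"online, 3 attempts:        {online_success_probability(space):.2e}")
    print(f"offline, full exhaustion:  {offline_seconds_to_exhaust(space):.1f} s")
    print(f"length for 10 years:       {min_length_for(len(ALNUM), ten_years)}")
```

The same policy that is effectively unguessable behind the lockout is exhausted in seconds at the assumed offline rate; a slow, salted password hash lowers that rate but does not change the keyspace.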


