Of course if someone wants in they'll get in, as noted though, those w/the knowhow would never care to 'hack' up your teacher's page. I only briefly looked @ it but in the code was something like "<input type="password" maxlength="20"> Generally you should avoid little nuances as defining for anyone who may be trying to crack your site the max. length of a password. Also, there is no 'penalty' (lockout) for sitting there and trying passwords over and over and over again - someone could easily write a script that tries a password (especially since there is no username login), hits the back button [back cmd] ....repeat until a dictionary attack and a wordlist attack were exhausted, but I'd be willing to bet before this your teacher's password was something to the effect of 'Nawlins' lol

If you want to find weaknesses in .asp head over to packetstormsecurity.