I thought we had all agreed this makes PasswordMaker safer against phishers, although I admit I don't remember why unless I re-read that thread...
When I first noticed that this is now required, I didn't quite see a reason for it, either. It doesn't help protect against phishers. It does, however make the password more complex, because, as far as I know, it gets hashed into the generated password. The only one that could protecting from phishers would be if the when URL contains were required.
But it is there, now and I don't see anything wrong with that.