The password must be at least six characters long, and only the first eight characters are significant. Note that the stored password is not encrypted securely: anyone who has access to this file can trivially find out the plaintext password, so vncpasswd always sets appropriate permissions (read and write only by the owner). However, when accessing a VNC desktop, a challenge-response mechanism is used over the wire, making it hard for anyone to crack the password simply by snooping on the network.
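The following check is an added example, not part of vncpasswd or the original page: it audits a password file for the owner-only permissions described above and shows how the six-character minimum and eight-character truncation affect a chosen password. The function names are hypothetical, and the caller supplies the path to the password file.

```python
import os
import stat

MIN_LEN = 6      # from the text above: at least six characters
SIGNIFICANT = 8  # from the text above: only the first eight are significant


def effective_password(password):
    """Return the portion of the password that is actually significant.

    Raises ValueError if the password is shorter than the minimum length.
    Two passwords sharing the same first eight characters are equivalent.
    """
    if len(password) < MIN_LEN:
        raise ValueError("password must be at least %d characters" % MIN_LEN)
    return password[:SIGNIFICANT]


def audit_password_file(path):
    """Return a list of findings for a VNC password file; empty means OK.

    The stored password is trivially recoverable, so anything beyond
    owner read/write access, or ownership by another user, is a finding.
    """
    findings = []
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
        return findings
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group/other access allowed: mode %04o" % mode)
    if st.st_uid != os.geteuid():
        findings.append("owned by uid %d, not the current user" % st.st_uid)
    return findings
```

An empty list from `audit_password_file` means the file is a regular file, owned by the current user, with no group or other access bits set.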
VNC was originally developed by the RealVNC team while at Olivetti Research Ltd / AT&T Laboratories Cambridge. It is now being maintained by RealVNC Ltd. See http://www.realvnc.com for details.