Setting a max password length is sometimes done to prevent ddos attacks. Without it, attackers could just spam 1MB passwords constantly and force the login server to just spend all its cpu time hashing garbage.

That being said, a password limit of under 20 characters probably just means they are just storing passwords in plaintext.

Probably need to update. With plain yt-dlp you just run “yt-dlp -U”