Security is a huge complicated subject. What I'm looking for here is three things:
The password generating algorithm isn't reversible, meaning that when someone looks at the source code of this application, that won't help them to break passwords made by it other than the fact that they can see the possibilities as strings there.
Could I somehow remove those possibilities as strings to make it more secure?
Am I overlooking any potential memory issues e.g. should I be zeroing/wiping memory in areas where the password is stored after?