JacksonVD / PwnedPasswordsDLL

Open source solution to check prospective AD passwords against previously breached passwords

Home Page: https://jacksonvd.com/

Make URL configurable and use hashes

tad-w opened this issue · comments

Glad to see someone created an LSA solution.
If this is intended for live usage, may I suggest:

  1. make URL configurable & document it so users know they should use an internal/offline checking service
  2. use the hashes (SHA-1s are provided) instead of plaintext passwords

Very practical and sensible; I didn't even think about the security of sending off plain-text info. I'll get onto that as soon as I can :)

Currently looking at implementing interaction with a local SQL DB of hashed passwords.

Have updated the tool to use SHA1 hashes and to work internally and offline. Updated the blog details and readme to let users know that they are able to customise the file path of the hash storage if necessary. Closing the issue report.
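The approach the thread settles on (hash the candidate password with SHA-1, then consult a local, configurable store of breached hashes rather than sending anything over the network) can be shown in a few lines. The block below is an added illustration written for this page; it is not PwnedPasswordsDLL's own code and does not touch the Windows password-filter API. The file format it assumes is one `UPPERCASE_SHA1:COUNT` line per breached password, the layout of the downloadable Pwned Passwords hash lists; the sample lines, their prevalence counts, and the function names are constructed for the example.

```python
"""Offline breached-password check, illustrating the design agreed in the issue.

Added example, not the PwnedPasswordsDLL code: hash the candidate with SHA-1,
then look the digest up in a local file whose path is configurable, so the
plaintext password never leaves the host.
"""
import hashlib
import os
import tempfile

# Assumed file format: one "UPPERCASE_SHA1:COUNT" line per breached password.
# These two lines are constructed for this example: the SHA-1 digests of
# "password" and "123456", with made-up prevalence counts.
SAMPLE_HASH_LINES = (
    "5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\n"
    "7C4A8D09CA3762AF61E59520943DC26494F8941B:23597311\n"
)


def sha1_hex(password: str) -> str:
    """Return the uppercase hex SHA-1 of the candidate password.

    Only the digest is used from here on; the plaintext is never stored or logged.
    """
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def load_breached_hashes(path: str) -> dict:
    """Parse a local hash file into {sha1_hex: prevalence_count}.

    Malformed lines are skipped so a single bad line cannot disable the check.
    """
    hashes = {}
    with open(path, "r", encoding="ascii") as fh:
        for line in fh:
            line = line.strip()
            if not line or ":" not in line:
                continue
            digest, _, count = line.partition(":")
            digest = digest.upper()
            if len(digest) != 40:
                continue
            try:
                hashes[digest] = int(count)
            except ValueError:
                hashes[digest] = 0
    return hashes


def breach_count(password: str, hash_file: str) -> int:
    """Return how many times the password appeared in breaches (0 = not found).

    hash_file is the configurable path the thread asks for. A missing file raises
    instead of silently accepting the password: a filter that cannot consult its
    list should fail closed, not open.
    """
    if not os.path.isfile(hash_file):
        raise FileNotFoundError(f"breached-hash file not found: {hash_file}")
    return load_breached_hashes(hash_file).get(sha1_hex(password), 0)


def password_acceptable(password: str, hash_file: str) -> bool:
    """The decision a password filter would return: reject anything seen in a breach."""
    return breach_count(password, hash_file) == 0


def write_sample_file() -> str:
    """Write the constructed sample list to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        fh.write(SAMPLE_HASH_LINES)
    return path


if __name__ == "__main__":
    sample_path = write_sample_file()
    for candidate in ("password", "correct horse battery staple"):
        verdict = "accepted" if password_acceptable(candidate, sample_path) else "rejected"
        print(f"{candidate!r} -> {verdict}")
```

Loading the whole list into a dictionary is fine for a demo but not for the full multi-gigabyte Pwned Passwords export; a production filter would keep the file sorted by hash and binary-search it, or import it into a local database as the thread mentions. Either way the property that matters is unchanged: only a SHA-1 digest is ever compared, and nothing is sent off-host.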