Except, it wouldn't. Knowing it's a dictionary word with one number at the end severely cuts down on the work that would need to be done. And seeing as last time I checked, Overclock.net doesn't impose a login restriction for too many tries ( best thing for a site to do against brute logins ), then depending on the persons connections it would only take a day or two tops to send in all possible variations and wait for a successful attempt.
And as stumped pointed out, since the connection to the site isn't secured with SSL, then if anyone gets on your network, or you use an open network somewhere, then they could snoop your password extremely easy. And the SSL issue has been pushed several times here but each time it gets pushed they say there's no point, even when there's really no reason to do it these days as even a basic SSL cert is free.
Brute forcing logins is extremely fast when there's no restriction in place ( Say, fail five times and gets locked out for an hour ). Remember, security is about increasing the time it takes for someone to get in, not stopping them completely. This is why for most folks, security is an illusion, because they think it's meant to out right stop someone. Given enough time though, any security system can be breached. Brute forcing logins isn't like bruting hashes where the hashing algorithm takes time to generate, and given a proper hash would be run through multiple systems increasing time exponentially.
Take MD5 for example, and why it's not used. You can generate millions upon millions of hashes per second. Whereas with something like LastPass is using, you could only do say... 10,000-20,000 per second. So they've increased the time needed significantly. This is why MD5 is no longer used as it really only takes a few seconds to figure it out, not to mention all the collisions.
Edited by Shrak - 10/9/15 at 11:49am