As your sibling comment correctly inferred, this would hopefully be done after setting some sufficiently hard random password on the service in question. At least that's how I've seen it described by those here that have mentioned they do it.

A sufficiently large random unknown password is actually significantly less likely to be brute forced than the service itself is to be exploited.