Perhaps as a premium service, allow a caller to post an email / password combination. HIBP responds with a recommendation on whether to allow the user to use that password on caller's system. Known pwn'd combinations would always recommend "forbid", as well as perhaps forbidding any password in the top % of pwn'd passwords by frequency.

The end goal is giving system owners a way to steer users away from not only weak but also repeat & known-compromised credentials. I understand that data extraction would be a concern, thus the "premium" service suggestion.