This article notes that the algorithm "leaks information at a rate of 0.0005 bits per character" and as such it's fine for encrypting a tweet but not a novel. Can someone with a better understanding of cryptography put 0.0005 bits per character in context? Maybe suggest a practical upper limit to its usefulness that's more specific? More than 140 characters but less than a whole book leaves a lot of wiggle room.
edit: To be clear I mean someone with a better understanding of cryptography than me. I don't doubt the author's expertise.
Leaking 0.0005 bits/character means that you leak a full bit after 2000 characters. This may already be a problem - for example if you know the (2000 characters long) message starts with either "Victory" or "We lost", you can use the information leak to make an educated guess which one it is (with significant, but not 100%, certainty).
A better motivated and more precise example comes from the linked paper itself:
>As another example, suppose a suspected dissident is accused of leaking a government document using Solitaire and that the document is 10,000 characters. In their defence the suspect produces an innocuous document of the same length. A cryptographic expert witness could derive the key stream under each claim and count the repeats. The causal case would be expected to have about 444 repeats in the key stream and the non-causal around 385. The difference of 60 would represent more than 2 standard deviations, which may constitute reasonable doubt dependent on the legal system and the member of the judiciary
edit: To be clear I mean someone with a better understanding of cryptography than me. I don't doubt the author's expertise.