https://blockchain.info/wallet/securityPassword Policy
Your password is never transmitted over the internet, sent to our servers, stored in cookies or in your browser's local storage in any form for this reason we are unable to help recover lost passwords.
Then how does the mnemonic recover the password, if they don't have it?
Because the mnemonic IS the password. They don't have it, but if you have the mnemonic, then you do.
As a simple example, imagine that you have a password like:
"TQBFJOTLD"
Then, imagine you create an mnemonic:
"The quick brown fox jumps over the lazy dog".
Even if you forget your password, you can recover it from the mnemonic. All you need is the mnemonic rule (first letter of each word). But anyone with the rule "First letter of each word" can't figure out what your password is unless they also have your list of mnemonic words.
In the case of blockchain.info, the mnemonic rule is much more complex than "First letter of each word", but regardless, there is a mnemonic rule, and they know what the rule is. That rule is useless to them for figuring out your passphrase since they don't have the list of mnemonic words. So blockchain.info sends your browser the software to apply the mnemonic rule, and you provide the list of words to that software. Then the software is able to convert the mnemonic to the password in your browser and tell you what it was.
If you understand Javascript, you can see the source of the program (and the entire wordlist) here:
https://blockchain.info/Resources/wallet/mnemonic.js(Scroll to the bottom to see their complete word list)