Nothing is worse than a false sense of security. Most people are familiar with password fields in browsers. And some people know better than to store those passwords in the browser. But most people are unaware that even if you don't store passwords in your browser, the information can be cached by the server and presented to you or another user the next time you open up the page. That would be the case if you go the settings page to change your password.

Having stars or dots instead of the actual text makes you think that no one can see your passwords. But if the passwords are actually returned to the browser they can be displayed very easily by just pasting the following javascript code in the address bar of the browser. It will work with most browsers.

Try it for yourself. Click on this link, copy and paste the code to your address bar and see your password being revealed for everyone to see.

They are ways to prevent this behaviour but unfortuantely, it is not quite common yet. A bon entendeur, salut!