If a user has already accessed a device and has the "remember credentials" enabled, someone else is able to see their clear text password in the page code by simply selecting one of the already accessed devices from the "host" list on the login page.

Once the username and password are automatically filled, the password is hidden by the browser but the string can be inspected and it can be seen in clear text in the page code.