if a site has a saved password and this is auto-filled, the “show password” html feature will reveal this in plane text. This seems insecure to me.
A saved password only allows someone other than the user to enter the website, assuming they have control of the machine.
Viewing the password allows them to know what it is, to save it, and to use it on other machines. MUCH less secure.
I think Brave should disable “show password” when it has entered the password for the user. Show password should only be activate-able when the user is typing into the password box.