First some facts…
None of us can remember the passwords for the dozens of web sites we re all registered on. That is why web browsers all optionally store logon information and automatically fill out logon pages when we revisit a site.
Web browsers do all support a special type of input control type specifically for passwords. Nothing entered into a password field is displayed, any characters are all displayed as asterisks. This prevents the password from being observed, either when it is first typed nor when it is automatically entered on subsequent visits to the page.
This is not the major security hole that you may think at first. If you are sitting at somebody’s computer looking at their webmail logon screen with the password field filled in then you already have access to their account – you don’t even have to know what the password is. However, knowning the password could be handy if you think that they have used the same password for other things, like a bank account.
My advice is not to save logon information for important sites when the browser asks you. Using a different password for each site that could cost you money or reputation if compromised is also a good idea.