in reply to
Re: Re: Form passwords cached when redisplayed?
in thread Form passwords cached when redisplayed?
> Even in mainstream browsers, the user can override the -
> expires parameter by fiddling around with the caching
That by itself might not be a big problem, I think. I have my browser set to cache everything, but this is my personal computer in my house that only I have access to, so it's not so much of a security problem for the password to be sent back in plain text.
It could be trouble for a user who sets their browser to cache everything without understanding the security implications, though.