Description
Is your feature request related to a problem?
WP plugins and themes don't store user passwords, but usually API keys and similar.
If a user has his WP login credentials leaked - due to PW reuse, phishing, ... - it means that all API credentials the user may be able to view on that site will be compromised too. Especially with non-locked-down credentials this can lead to severe consequences that often go unnoticed for a long time, especially on small WP blogs.
Describe the solution you'd like
Any input type="password" must not have a value set at all (and similarly no placeholder that contains variables, since that will be 100% what people will be doing) unless maybe '••••••••••' . substr( $value, -4 )
Ideally, we'd have a function in WP core for that (just gathering feedback here first)?
This ensures that a password field won't actually be just an "Inspect" click away from viewing in clear text.
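
A sketch of the render-and-save pattern this request describes, as an added example that is not part of the original issue or of WordPress core. The option name `myplugin_api_key`, the nonce action `myplugin_save_settings` and the `myplugin_*` functions are hypothetical.

```php
<?php
// Added example; 'myplugin_api_key' and all myplugin_* names are hypothetical.

/** Mask a stored secret for display: bullets plus the last 4 characters. */
function myplugin_mask_secret( string $value ): string {
	if ( '' === $value ) {
		return '';
	}
	// A 4-character suffix would reveal most of a short secret, so show none.
	$suffix = strlen( $value ) >= 12 ? substr( $value, -4 ) : '';
	return str_repeat( '•', 10 ) . $suffix;
}

/** Render the settings field: the value attribute never carries the secret. */
function myplugin_render_api_key_field(): void {
	$stored = (string) get_option( 'myplugin_api_key', '' );
	// Before (secret sits in the page source, one "Inspect" click away):
	// printf( '<input type="password" name="myplugin_api_key" value="%s">', esc_attr( $stored ) );
	printf(
		'<input type="password" name="myplugin_api_key" value="" placeholder="%s" autocomplete="new-password">',
		esc_attr( myplugin_mask_secret( $stored ) )
	);
	echo '<p class="description">Leave blank to keep the current key.</p>';
}

/** Save handler: an empty submission keeps the stored key instead of erasing it. */
function myplugin_save_api_key(): void {
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'Insufficient permissions.' );
	}
	check_admin_referer( 'myplugin_save_settings' );

	$submitted = isset( $_POST['myplugin_api_key'] )
		? sanitize_text_field( wp_unslash( $_POST['myplugin_api_key'] ) )
		: '';
	if ( '' !== $submitted ) {
		update_option( 'myplugin_api_key', $submitted, false ); // false: do not autoload.
	}
}
```

Because the field is always rendered empty, the save handler has to treat a blank submission as "unchanged"; otherwise every settings save would wipe the stored key.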