I noticed that on some forms the password is not echoed after the user submits the form and the page reloads(this could because of errors or any other reasons). Why is this? Is there a valid security reason? Or is it just overkill? Thanks in advance.
Daniweb's registration is a good example. If you fill in all the fields and enter in a wrong entry for the image verification field, all the inputs will be echoed out except for the password field and the image verification field. Is this some kind of security method?
In short yes - passwords are not transmitted back in that way as in one form or the other they would be plain text. If someone crafty were to open up the source on the page they'd have access to that persons password from the returned incomplete form.