1) As OP has pointed out, security is not just about effective security, it's also about the perceived one. Cleartext passwords are so unusual it makes me question as a user, how things are handled in the backend.
2) I don't see the problem on mobiles. Not sure about Android or WP but at least on iOS I always see the last character that is entered. Still vulnerable to shoulder peeking but not as bad as cleartext.
2) I don't see the problem on mobiles. Not sure about Android or WP but at least on iOS I always see the last character that is entered. Still vulnerable to shoulder peeking but not as bad as cleartext.