Found in #IRC:
"apparently people are getting around Chrome and Firefox telling everyone that non-HTTPS password fields are 'not secure' by just using regular text fields. they change the font on the text field to 'text-security-disc', which is apparently a font that exists of all bullets and looks just like traditional password fields."
How about instead of investing time and effort into schemes like these, you just ROLL OUT #HTTPS FOR FSCK'S SAKE!
@rysiek That isn't really up for you to decide. I'm ok with the browsers switching to labeling http sites as unsafe, that sounds reasonable, but bastardazing the input elements (that actually have some defined behavior they need to adhere to), that's quite shitty. What are you going to do with it anyway, when you see it.