
Combine this with the "remember password" feature of most browsers, and you have a real problem.



Browsers have to store the cleartext password and you can see them all here:

Firefox > Preferences > Security > "Saved Passwords" > "Show Password"


Of course, but it's highly unlikely you'd accidentally expose that page to someone. I was thinking more along the lines of letting your friend use your computer to check gmail, and whoops, there's your password already in the box.


Of course, but if I let my friend use my computer to check gmail, he or she could go to Firefox -> Preferences -> Security -> Saved Passwords and see all of my passwords anyway. By letting somebody use my computer, I'm implicitly trusting them to not misuse anything they might find.


The problem is it's no longer avoidable. A friend is unlikely to want to snoop on your saved password list, but cannot avoid it when your password is already in the box, and they have to delete it to type their own in.

Anyway, the simple fix is to not show saved passwords in plain text.


Actually, no. This is the primary problem with this idea. Browsers use <input type="password"> as the tip-off to know there is a password to remember here. If the input field isn't a "password" type, the browser won't remember the password for you.



