Comment 44 for bug 194472

Depending on the feedback, a shoulder-surfer could figure out how long the password is, which could be useful in an attack. Also, if visual feedback is enabled, it will diverge from other standard login procedures such as 'login' and 'ssh'. This should not be the default, but could be configurable for those who want it.