Comment 57 for bug 194472

If it is really security-relevant for servers (which i doubt), why not enable it just on the desktop?

Can anyone explain why this would be a security issue?
I think, if someone or a tool can read the output of the visual feedback. The person or tool has already other ways of getting the length of the password.