Comment 83 for bug 194472

I'm pleased that the discussion is open again.
May I ask the Server Security team to clarify what it means "1. has a security impact on the server where no other application gives password feedback."
Where does the security issue lie? I can't imagine a case, where anyone or any program could see the asterisks but not be able to register at least the keyboard-strokes.
And if it is, wouldn't it be enough to be able to disable it for the ones who care about such fine grained security. Ubuntu is anyway not the safest server environment with much features enabled by default.