Appears when you tell the browser to save your password. The browser stores completed form fields and password locally and automatically fill them when a user revisits the site again.
What can happen?
Password and other PII (personally identifiable information) theft. The browser automatically fills in the forms with previously provided information. If the attacker is able to modify the forms (by, say, an XSS flaw), a leak may take place.
An attacker with local access could obtain the cleartext password just by changing the type of the input from password to text.
...or by changing the action attribute when the form is being submitted.
Set the autocomplete attribute to off on the input or on the whole form.
<input type="password" autocomplete="off"/> <form autocomplete="off">
Note: Modern browsers will ignore the autocomplete="off" attribute.