When a plain-text password form field is found by Google Chrome, it will reveal all passwords on that primary domain.
For example, take a look at the following code and screenshot:
<input class="form-control secure_password required password fs-hide" data-install-name="secureli" id="ftp_user_pass_new" required="required" aria-required="true" autocomplete="new-password" type="text" name="ftp_user[pass]">
By checking the “Show Password” button, as shown below…
…the auto-complete function in Chrome is activated and clicking on the password field shows a drop-down of all passwords saved on that domain, as shown below:
