On Windows you should be more worried about the security of putting a password into a standard edit control. In Windows versions prior to Win2K, any other Windows application could retrieve the password by sending a WM_GETTEXT message to the control.

It looks like there is a new exploit that will work even with Win2k/XP: Postmessage API security flaw.