So you are saying that if the user enters the password into the username field, this would leak the password?