The password value is defined but cannot be changed by the user. The user should not be able to see the password on the screen. However, you might be able to View Source to see the value in the HTML document source. Don't rely on this for hiding passwords in pages and assume that users will discretely ignore them. You might as well publish the password in the page heading.