Great article, a real eye-opener!  Nothing like seeing your own password in plain text screaming "here I am!" to wake you up in the morning!

I agree with an earlier poster who said basically how is it possible to remember the zillions of passwords we must keep track of these days without either saving them in the dialogs or writing them down or using the same passwords in multiple systems.  I think that's the big security catch 22.  If you require users to change their password every month then you multiply the chance that they'll write it down just to get them to change it.  Have you really gained security then by enforcing such a rule?  Perhaps, but perhaps not. 

This example certainly points out why not to save them in EM though!  I don't know if the same concern would necessarily apply to all "save password" checkboxes in other appliations though.