Username and password must be provided. The "Show Password" checkbox displays the password. This is a security issue. Otherwise, what other options can be used to not display password in the REST objects.
I know the password can be passed in on the fly, however, this doesn't solve the problem, and I believe the newly release encrypted password capability will not work with these objects.
Is this checkbox really necessary? Or what other options in securing passwords here are available?