This program could enter userid and password into browser's HTTP basic
authentication
popup windows, instead of keeping passwords stored in the browser's password
database.
The program is MFC-based.
At this stage the user has not yet entered the password into the program.
The text in the password entry field is changed dynamically, state and focus
driven.
The password has been typed into the entry field.
Once the user tabs out of the password entry field (or the password entry
field loses focus)
the password is removed from the window and a corresponding text displayed in
that field.
If the password was not removed from the window, other 'applications' could use
GetWindowText() to read the hidden password in clear text.