another security aspect -<p>on one project I was on to combat possible attackers we replicated the password and username fields multiple times, all field ids were uniquely generated, the fake fields were invisible, the real fields were visible.<p>If a bot filled out the fake field the application continued on and later on in the workflow would crash randomly for some unrelated reason.<p>This made it very difficult to run our automated GUI tests.