Is there a need for the password to even be printed there? Usually the flow for changing the password is inputting the current password, then typing the new password twice.
Exactly. That brings up another bonehead move by Pandora - if you've made it here on someone else's account (presumably they left it logged in), you can change their password without knowing their password (ignoring the fact that you can already get their password from the DOM).
But I guess that's a minor issue compared to exposing your password. Either way, the whole programming dept. at Pandora needs a lesson in passwords.
