I have a desire to add <input type="password"> support to htmlInstaller, and I think this feature is applicable to be merged back into the main project.
It's a really easy change on the face of it (see jennings@4708b53), but if you have logging turned on, the password gets logged. This may not be what the user expects or desires. Should we also mask the value on the "Setting user-defined edit value" line for password fields (easy) or somehow mask the password if it gets passed as an argument to a component (much harder, I think)?
We use DNI for internal tools so we always have logging turned on for debugging purposes, but most people probably keep logging disabled by default, so maybe logging passwords isn't such a bad thing.
I think logging passwords is a bad thing and I would go with an implementation that works much like MSI: you should be able to declare properties as 'secure' and therefore never logged. I see a few different ways to do it, but ultimately you want to know what's secure and what's not secure inside InstallerSession::Instance->AdditionalControlArgs.
A somewhat hacky way to do this may be do do a convention, where secure variables have to start with S: and strip anything that's S:* in LOG.
Set user-defined values from password fields