I really hate it when software dictates preferences to me. I'd noticed that some of the web sites I visit did not autofill credentials, and had always assumed it was a bug in the way Safari dealt with figuring out the autofill details. However, I looked at the source for a payment web site today and saw the property autocomplete="off" in the form fields, which Safari respects.

F*** that. I lock my computer every time I am away from it, have a FileVault encrypted drive, and have all my passwords locked up in my secure OS X keychain. Why the people who program the web site think they have to force me to follow their security practices is beyond me.

Luckily, there is a patch for Safari on OS X that gets around this. It runs a perl script which changes the pattern that the underlying WebCore software searches for, rendering the form field attribute useless. I just ran it on OS X 10.5.6 with Safari 3.2.1 and it works great.