When using Team Foundation Server plugin in Source Control Management section, the entered password can be viewed by anyone by looking into the page source.

Suggestion: after the entry of the password, encrypt the password and store it in the file system. Do not show the password in the password field afterwards; instead, show a placeholder/marker message like <Password Is Encryped>.