The password that is entered in the job configuration when connecting to TFS is visible in the browsers "view source". This is a big issue for us because we need to use our domain users to connect to TFS and Jenkins is open to everyone in the company.
The value in the password field when you enter configuration and the password was already set should be a placeholder that indicates the server that the password didn't change from the last time (something like "samepassword", but more complex, to avoid actual users from using that password).