In manage hudson > configure system (/hudson/configure), if LDAP is selected and the advanced section is not expanded and the manager password doesn't have any value (blank - anonymous binding), the browser autocomplete feature automatically fills in the password field without a user knowing. As a result, if a user hits the save button, the autofilled password value is saved without user's intention.