I’ve been wondering about that. I think they get around it by using the “enter your current password” prompt, so they potentially have it in cleartext for the duration of the session.