[Bug 54741] Re: New windows stealing focus -- and passwords?

[jmspeex]

Have you ever typed your password in clear in another window that just
opened? I have -- several times. Usually, it just goes into a "local"
window and only the people around me could see it (which is bad
already), but I don't see why it couldn't happen accidently or
deliberately through IM or a web browser. We're not talking movie plots
-- accidents are bound to happen and I'm sure have happened in the past
because of that. In terms of "remote exploit", it sure wouldn't be that
hard to have a script automatically IM when they attempt to log in.
Still requires knowing the person, but it's certainly not a good thing.
The chances of succes would probably be in the order of 1-5%: small, but
significant if you try several times. Put another way, would you feel
safe telling me what your IM nick is and giving me an account on a
machine you often ssh to with a password (not ssh key)?

It's not like I'm advocating removing a feature or drastically changing
anything, just changing the default to something a bit more sane.
Stealing focus by default is just plain stupid. It's also totally
counter-intuitive when you have the "focus follows mouse" or "sloppy"
focus policy because you end up with the focus not going to the window
that has the mouse in it. So even if it weren't a general hazard, it
would still be the wrong behaviour for sloopy/follows mouse focus.

So basically, I see many reasons for fixing it and not many for leaving
it is (except for "everybody else is doing it").

-- 
New windows stealing focus -- and passwords?
https://launchpad.net/bugs/54741