If you can see 1 char from set of 4 you know the number of characters modulo 4. If the minimum length of a password is 6, and probably it is no longer than 12 characters, then you can narrow the length to 1 or 2 numbers. It is marginally better than asterisks of course, of course, but it is still confusing.

The original suggestion included randomizing the first character of the set, which removes this attack.