This is a good solution, instead of everyone blowing tokens on repeating the same computer use task, come up with a way to share the workflows. I think you'd need to make sure there aren't workflows shared that extract user information (passwords).

this is protected against at the OS level, provided the applications declare the input correctly as a SecureTextField.

i so far haven't found any application that doesn't.

all you're able to get out, as far as i can tell, is the length of the entered password.