I agree. Server security is more important than a masked password. If a bad actor has access to a server, the damage is done, no simple password mask can help that. Unfortunately, I have a black and white business rule that passwords cannot be stored in plain text.