I consider this a gigantic security flaw and is pretty terrible. I have only found this behavior in IE. Is this known? I seem to remember running into this for years.
for example, try this
go to gmail in IE
focus on the password box and type "password" (no quotes) and then hit ctrl+bkspc
then do the same for 'pass/word' (no quote)