This is the problem as we saw it....
1. Firefox "accidentally" filled in the enrolment key field with some personal information. The teacher didn't know because it just filled with stars
2. They saved it
3. Another teacher came along and hit 'unmask' and their personal information was revealed
- If this really is a password then it must be saved as a hash and should not be recoverable
- The form could have "autocomplete=off" added to suppress browser filling in the field