The password won't appear on the screen as you type and most browsers also won't 'remember' the values entered in fields as they do with other form elements.In some cases, such as on mobile devices, displaying the password may improve usability without compromising security.
Those companies' form JS was never executed, and it was crucial for us that they provide error messages in the returned HTML.
Here are some simple steps to make the process more secure.
If the purpose of registration is to confirm that the person exists, and that they have supplied a valid email address, then as part of the registration processe you a should either email them a random password or a confirmation token rather than letting them choose their own password and use it immediately.
(This pain can be eased by having the server re-render the form with the user's original input filled in, but client-side validation is still faster.) You want to validate on the server side because you can protect against the malicious user, who can easily bypass your Java Script and submit dangerous input to the server. Not only can they abuse your UI, but they may not be using your UI at all, or even a browser.