What do you mean by "the password never leaves the browser"? Are you just referring to the unencrypted version of the password? Because If it's appended to the URL , assuming it's shared it definitely does leaves the browser.
Thanks for taking a look and for leaving the question- I might edit that description again when I get a chance to clear up what I meant there.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.