Just a quickie. I just learned that when you use a <html:password> tag, unless you set the attribute redisplay="false", the value a user enters in the field will appear in the source of the page if it is redisplayed because of an error. The document says the default is true to be consistent with the other field tags, but that seems dangerous to me.