requestAutocomplete pops up a permission dialog to the user, it's not automatic on sites you haven't already granted permission to - the article mentions this.
What if I permit a site to autocomplete my email, address etc. but not my credit-card. Then, after the permission is given the form is changed to ask for a credit-card.
I'm sure this is all thought trough but I'll wait for a bit before using this.
Great point! This is why I'm always a little hesitant whenever I hear about auto complete abilities. Just the knowledge that your storing personal info (whether it's hashed and salted or not), and authorizing the browser to determine when it is convenient for you not to type.
What my privacy concern is just a javascript phishing attack (nothing too complicated that a beginner can do). Not to say this feature wouldn't be nice, just making the suggestion that there is alot of room for concern here.
I figured there had to be a prompt of some sort like the one's with geolocating. Still if there is an automation of some sort...this is an easy way for sites to associate multiple user id's, assuming this would matter to you ;)
1. you visit site: whatever.com
2. I have a hidden input with a name="address"
3. I have an onchange event listener for the hidden input
4. Now auto complete fills in automatically and I just associated your ip with your address (assuming the the auto fill is correct).
I always think this whenever I hear about auto complete. I NEVER save form data just for this reason.