The issue has been fixed on Windows 10 for Phones
An Internet Explorer security flaw now allows someone to learn a password that's been used on a website. How is that possible? Unfortunately it's pretty simple and doesn't require too many operations.
When you enter a password into a field on a website, that password is displayed with asterisks (******), so no one can find out what it is.
Nothing wrong and unusual here, but the problem is that when you copy/paste that password into a password field and then search for it using the dedicated button, it will open Bing Search or Cortana and the password will be revealed.
Full Article