As reported in the usermanager dokuwiki page, password fields in add user and edit user forms are not HTML password fields but ordinary text fields, which is not good in an environment where screens are visible to other users. Applying the attached patch (using command "patch -i admin.patch" in the usermanager plugin directory) gives at least a temporary fix. The patch should be placed in the usermanager directory (where admin.php resides). Cursory testing shows that the patch works at least seemingly as intended.