Thank you for your feedback.
Yes, we believe the main problem resides in the mobile platform, where a password echo is sometimes desired by the user. In the case of Android this can be turned off in settings. But users might still want to use them when the screen is small. WeI think letting this password echoing set to off by default can help a lot, though not completely mitigate the problem. Another case is when apps use their built-in onscreen keyboards because they do not trust other keyboard apps. In this scenario, we agree that it would be easier for app developers to address the issue. (e.g. randomizing the font for each character)
We think the idea of loading multiple glyphs is interesting. However, according to our understanding of the graphic libraries, the glyph caching is often performed by other libraries, (e.g. SKIA on Android). It's unclear if we do this for Freetype, what would be the impact of other libraries that uses Freetype.