There's all sorts of havoc an unauthorized user can wreak if an unauthorized user has access to the ManifoldCF UI. Getting access to passwords is just a small part of that. That was my point.
The current recommendation is therefore that access to the ManifoldCF UI be restricted to only the people who have access to such passwords. If that's not possible then your proposal isn't going to help much.
I'm not opposed to starting the process of tightening up the UI so that it is secure in an open environment, but please do understand that it is just the first of many steps.
As for the approach you propose, I would like to think through a canonical implementation. As you point out, it affects nearly every connector, and therefore we want to do it right in one connector first, before we apply it everywhere. If we go with a special token indicating "password unchanged", then we should make sure that the password includes special Unicode characters that are unlikely to come up in real passwords, and we should standardize this special string by maybe putting it in the BaseConnector classes as a constant.