simple.. someone can plant a trojan in the login page or edit the login page to steal ur password.. or actually be in the server and see what ur doing.. webmasters of that site can see ur passwords u know.. employees or juz normal hand ins of that company who can get their hands on that pc can get ur password...

or even someone is infecting ur pc wid a trojan and watching every move u make in ur pc.. logging every key stroke u make..