According to help file TC allows to protect password input by using its own keyboard hook. It sounds great but... quick search through CodeProject reveals this nifty tool (with code):
http://www.codeproject.com/KB/system/globalsystemhook.aspx
1. start this up,
2. install mouse & keyboard hooks,
3. hit Ctrl+F for FTP connections and try to connect with any password protected host,
4. type your password in.
To my surprise all keys are registered and it doesn't matter which AllowHook value is used
![Sad :(](./images/smilies/icon_sad.gif)
Now I wonder how well this protection mechanism is working. Any tests, people?