@cmdrSprocket yes, so maybe the decision was made that the balance of risks makes the current method better?
I don't know how I would tell if someone was reading my password with the current method, but I can at least confirm a web-based login page is really from my institution. The number of opportunities for hijinks breaking the web-based version must be much higher, which I can sort of believe.