Reported by a user:
I experienced a weird issue with my LastPass (https://lastpass.com) client in Chrome: it auto-filled the user password field with the value of the superuser password (which you know is requested from the su before allowing to submit the form). As result the user gets it's password overwritten. This is not exactly your problem, but I guess you might want to know that, so you can get to LastPass with it.
-> Goal of this issue would be to prevent this auto-filling of password while changing another user's password. Maybe sufficient to rename the password input field name on the "edit user" screen?
There is a nice
autocomplete="off" HTML attribute, but thanks to banks and other companies, who thought disabling password managers for their login would make them more secure, all Browsers ignore it. So there are only ugly hacks left or moving the password to a separate page.