3

I've heard of websites that have autocomplete fields that aren't visible, so extra information is captured when a user uses autocomplete (ex. a hidden address field, that is only filled in with autocomplete).

When reading the answer to "Can I force Google Chrome to remember passwords?", I'm wondering if this opens you up to additional phishing scams or other privacy/security holes that wouldn't otherwise be an issue.

wizlog
  • 13,573

1 Answer

5

The feature you refer to is Autofill, but it is often called autocomplete (of forms) on a web page.

This uses a field name from the form to identify what to fill. If the 'rogue' page decides to not render this field at all, you may miss seeing it. But, in most methods, the automation uses details like the domain name to key the fields (it will not use the same password across sites just because you have the same user name).

Having said this, it is a good idea to not let critical passwords (say, your bank) be remembered by such automation mechanisms in the first place. There are lots of ways to hijack such data from the browser, all dependent on the presently available vulnerabilities.

Example: using autofill with LastPass.
You may still choose to not use this for your critical passwords -- AmEx example regardless


Update based on comment.
The automation usually has better differentiation of phish-attempts because it is not limited to human pattern matching glitches. But, I guess we both understand that. Which leaves us with the form-auto-complete part -- let me point you to this Mozilla page on turning off auto-completion for forms. Just don't use it :-)
I think the LastPass method will be relatively more suitable.

nik
  • 57,042
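
As an added illustration (not part of the question or the answer above), a JavaScript check that lists form inputs which autofill may populate while the user cannot see them. The field descriptors, helper names and hiding heuristics are assumptions, not any browser's actual autofill logic.

```javascript
// Added example. Descriptors and hiding heuristics are assumptions,
// not any browser's actual autofill logic.
const TEXT_TYPES = new Set(["text", "email", "tel", "password", "search", "url"]);

// Candidate: text-like input whose autocomplete attribute is not "off".
// type="hidden" inputs are left out (assumed not to be autofilled).
function isAutofillCandidate(f) {
  const ac = (f.autocomplete || "").trim().toLowerCase();
  return TEXT_TYPES.has((f.type || "text").toLowerCase()) && ac !== "off";
}

// Returns why the user cannot see the field, or null if it looks visible.
function hiddenReason(f) {
  const s = f.style || {};
  const r = f.rect || { left: 0, top: 0, width: 100, height: 20 };
  if (s.display === "none") return "display:none";
  if (s.visibility === "hidden") return "visibility:hidden";
  if (parseFloat(s.opacity ?? "1") === 0) return "opacity:0";
  if (r.width === 0 || r.height === 0) return "zero-size";
  if (r.left + r.width < 0 || r.top + r.height < 0) return "off-screen";
  return null;
}

function findHiddenAutofillTargets(fields) {
  return fields.filter(isAutofillCandidate)
    .map((f) => ({ name: f.name, reason: hiddenReason(f) }))
    .filter((x) => x.reason !== null);
}

// Browser-only helper: build descriptors from the live DOM.
function describeDom(doc, win) {
  return [...doc.querySelectorAll("input")].map((el) => {
    const cs = win.getComputedStyle(el);
    return { name: el.name, type: el.type, autocomplete: el.getAttribute("autocomplete"),
      style: { display: cs.display, visibility: cs.visibility, opacity: cs.opacity },
      rect: el.getBoundingClientRect() };
  });
}

// Constructed sample form: one visible field, two unseen autofill targets.
const sampleFields = [
  { name: "email", type: "email", autocomplete: "email", rect: { left: 20, top: 40, width: 200, height: 24 } },
  { name: "address", type: "text", autocomplete: "street-address", style: { display: "none" } },
  { name: "phone", type: "tel", rect: { left: -5000, top: 40, width: 200, height: 24 } },
  { name: "csrf", type: "hidden" },
  { name: "otp", type: "text", autocomplete: "off", style: { visibility: "hidden" } },
];
console.log(findHiddenAutofillTargets(sampleFields));
```

In a browser console, `findHiddenAutofillTargets(describeDom(document, window))` runs the same check against the page being viewed.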