Hmmm, I don't quite get our logic in there anyway. I so rarely create or change connection details, I hadn't looked at this in a while.
As we don't pre-fill the confirmation, we force you to type the password in anyway. And there's no point in pre-filling with the encrypted password, as we wouldn't know if what came back in the form was the old encrypted password, or a new plain text one ... without dicking around comparing old and new values. And you obviously can't type the encrypted string in the confirmation.
So ... I think better logic would be what I'd expect it to do in the first place, which is:
Don't pre-fill either password field with anything.
On submit, validate and fail if:
1) Password and confirmation don't match.
2) It's a new row (not editing an existing one) and both are empty.
... and if it's an existing row, and both fields are left blank, just remove the password from the field list for the connection row being updated, so it stays the same.
That way when editing a connection, you can just leave both password fields empty, and nothing changes. And there's never anything prefilled in the form, encrypted or not.
Does that sound about right?
-- hugh