Is it more secure to allow the browser to save a website password or prohibit it?