Thanks everyone for your advice. I do value it, even if I might not agree with it!
I partially agree on this point - it depends on whether the user uses the same password for all sites and whether you implement protection against brute force password hack attempts.
If the user uses the same password on all (or a lot of) websites, then in my opinion there is more chance that one of those websites will get hacked and reveal the user's password than there is that the user would have their written-down password stolen (unless they post-it to their monitor).
If you don't implement protection against a brute force attack, then a simple password chosen by the user will be easier to crack than if you force the user to include non-alphanumeric chars etc.
So I would agree with your statement in the majority of cases, but it will not always be true.
You are missing that the password field would be a password field by default - it will only act like a text field if you toggle it. If you toggle it to act like a text field, then I hope it would be pretty obvious that it was a password field.
Agree with your points, but points 1 and 3 are not directly related to the question.
I have to disagree with you quite strongly on this one. In my opinion users should be able to have whatever they want as their password. If you're trying to prevent SQL injection at the validation phase rather than the database insertion phase you have other problems. Plus, there is no stipulation that the password will even be saved in an SQL database.
If you don't toggle the password to appear as text, yes, you are typing blind. I would hope that you would type a password more carefully than you do a forum post. If you do mistype it, you can always reset the password when you find out you can't log in. It would be interesting if there were any stats on how often people get mismatched password fields to see if this is a real problem or not.
If the user toggles password reveal when there are people watching that might steal the password, then yes, I would blame the user. I would think (again, no stats to back it up) that most people register for websites at home though.