Storing form inputs in component state in React.js, specifically passwords
Well to respond your questions on two layers:
First: You'll need authorization to take place in a secured setting, and the browser isn't that place. If you're guarding a form submittal, for example, it's up to you to have the server-side code that processes the submittal to validate that the captcha response is as expected. The fact that client-side state can be manipulated shouldn't really matter as long as you're not using that as your sole source of validation/authorization like passwords.
Second: I recommend that you use password-hash a node.js library to use hashed passwords. I didnt tested myself but that shouldn't be an issue. Of course https protocols is how the client and server need to communicate.
No, no vulnerability here: the user will be able to see the password while it is inside her browser, after she inputs it...
A password should not be a secret for it's owner... :-)
Of course you will use https
protocol if you send the password to a server, otherwise it will be visible on the cable, an that is a security issue!
I agree with @MarcoS there is no security issue.
I would add if a thief knows how to read the state in dev tools he can also do this:
document.querySelector("[type=password]").value
Of course the password must be protected and disable to be revealed, it could be avoided using refs and without onChange event
<input type="password" ref="password"/>
And when the form is submitted you can get the password as follow
const password = this.refs.password.value;