But this also means that they know your plaintext password, meaning that they're saving passwords in plaintext. Given that this is mostly a technical community, it's much more the risk of keeping a database of plaintext passwords than the benefit of being able to obfuscate passwords in comments.
EDIT: thanks to another commenter, I understood that what's happening in the above comments is just a meme and HN isn't storing plaintext passwords. Sorry for the misunderstanding.
In case you're unclear why your being down voted, comment chain is a riff on one of the more famous bash.org quotes: https://knowyourmeme.com/memes/hunter2.
HN does not actually know your password or hide it in comments.
(sticking with the obliviousness for a moment,) Would they need to store the plaintext password? Hashing every word typed isn't efficient but it's possible to achieve without knowing the plaintext.
Considering how laggy the comment box is on reddit, it makes me wonder if they're not already doing something similar, but client-side in js. I guess it would expose the salt though.
What actually happens is more complex: when you type a *******, HN tries to log in once for every string in your *******, and then when it succeeds it goes back and replaces that string with a randomized length of asterisks.
EDIT: thanks to another commenter, I understood that what's happening in the above comments is just a meme and HN isn't storing plaintext passwords. Sorry for the misunderstanding.