In principle it leaks information, so is always worse practice than not leaking. For example, one could imagine an edge-case where given a set of average-colour password images collected over time, for a password field that has a dynamic in its presentation that is exposed in the averaging, useful information could be discerned and used to supplement other attack vectors.
Say for example, the password field had one of those password strength colour indicators that subtly changed the background or font colour to indicate password strength, and the images were captured and obfuscated at that point. Information useful to an attacker would now be embedded in the colour average.
Say for example, the password field had one of those password strength colour indicators that subtly changed the background or font colour to indicate password strength, and the images were captured and obfuscated at that point. Information useful to an attacker would now be embedded in the colour average.