As mentioned here, one security problem with passwords is accidently typing one's password into the username field when logging into a system. This can be a problem if the password is being entered in an environment where other people are watching the screen.
Generally, the password field is "masked" in password entry systems to prevent people from reading the entered password -- a character count may be shown with asterisks (as on the Windows login screen or in Red Hat's gdm), visual feedback may be provided as each character is entered (as on the Lotus Notes login screen), or no feedback at all (as on Red Hat's terminal login screen).
It seems that the "accidental password entry in username field" problem could be avoided by also masking the username field.
There would be some issues with such a scheme.
First, it increases the number of characters that must be blindly typed correctly to reach a login. I do not feel that this is likely to be a significant issue, as users type their usernames on a regular basis into the machine.
Second, it eliminates visual feedback that would tell a user that they have the caps-lock key down, a common problem when entering a password.
Third, it prevents people from troubleshooting issues with keyboard configuration (for example, the keyboard may not have the correct layout selected).
I feel that the caps lock problem may be solved in several ways. First, it is possible for many systems to put a visual warning indicator onscreen when the caps lock is on. This may be a good idea, as it is almost never desireable to have caps lock enabled when entering username and password. However, not all systems can detect the state of the caps lock (for instance, when telnetting into a remote machine, caps lock state is not sent to the machine -- breaking this approach when dealing with a remotely-generated password dialog).
Second, it might be possible to print a warning if a username is entered in all capitals.
Third, it might be possible to toggle the masked nature of the username field (possibly through an out-of-band mechanism such as a mouse), or possibly by simply entering a zero-length password and username, or hitting a key on the keyboard that is not reserved for password entry. This way, the vast majority of the time, the username field would be masked, and only unmasked if someone is troubleshooting login problems.