The WebAppSec world has been awash with conflict following Bruce Schneier's discussion/comments that the masking of password entries on computers (and smartphones) should be done away with.
The discussion itself has morphed to some degree (well, quite a bit really), but essentially the argument is that the masking of passwords as they're entered in to a computer as part of an authentication sequence shouldn't be masked because of usability issues.
Now first off, I'm not a great fan of masked password entry myself, and I'm guaranteed to screw up a password several times each day, but I still think its a useful and relevant security technology. True, it's not much better than the password it's trying to protect - and it offers as much protection as the padding on a cars steering wheel does in a head-on collision - but it serves a purpose.
But I also split my answer. I think that password masking is less relevant to smartphones and could more easily be done away with. At least with a smartphone you can pull it close to your chest and obscure the password you're typing - it's damned near impossible to do the same with the LCD screen on your desk without looking like you're trying to theive it.
As with any security technology, theres a time and a place. Masked password use belongs as part of desktop protection of Web applications - but less so for smartphones (and fat fingers).