Debunking native in-browser spell-jacking.
"For input fields that handle sensitive information, such as passwords, personal details, or proprietary data, ensure the spellcheck attribute is set to false."
(TLDR: Being on the safe side)
https://medium.com/doctolib/debunking-native-in-browser-spell-jacking-0fccdc06373b