
Please, please, PLEASE don't store users' passwords in plaintext on the backend...



That's what I thought too. I guess it won't be hard, though, to just put asterisks there and store it in md5/sha1. On the other hand, allowing the user to change the password without knowing the old one is another security risk, so this is probably not for every app, or it needs some work to get done right.


You can only change the password for the current user. If someone gets access to your phone, they can change your password, so this doesn't work for, say, a bank.

If the physical security of the phone is your security, however, this seems like a reasonable level of trust.

There are many apps, like mine, that have non-sensitive data that just needs an account for persistence or extra-app activity.

You could adjust this to require the current password instead of showing it, but in my case that's an unnecessary level of effort. You could still get by with two input fields, I think.


It's not stored in plain-text. Everything is stored hashed and salted with bcrypt, and comparisons happen at the hash level.

The password is stored un-hashed and un-salted in the app, but if someone gets access to your phone, your powerlifting log is the least of your worries.
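As an added example (not code from the app or anyone in the thread), this sketches the backend side described above: per-user salted hashes, comparison at the hash level in constant time, and the "require the current password instead of showing it" variant. It assumes the stdlib `hashlib.scrypt` as a stand-in for bcrypt, and an in-memory dict in place of a real user table.

```python
from __future__ import annotations
import base64
import hashlib
import hmac
import os

# Constructed stand-in for the backend user table: username -> stored record
USERS: dict[str, str] = {}

# scrypt work factors; hashlib.scrypt stands in for bcrypt (assumption, not the app's choice)
N, R, P = 2**14, 8, 1


def hash_password(password: str, salt: bytes | None = None) -> str:
    """Return a self-describing record: scrypt$N$r$p$salt_b64$hash_b64."""
    salt = salt or os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    b64 = lambda b: base64.b64encode(b).decode()
    return f"scrypt${N}${R}${P}${b64(salt)}${b64(digest)}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt/parameters and compare only the hashes."""
    parts = record.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return False  # unknown or malformed record never verifies
    _, n, r, p, salt_b64, hash_b64 = parts
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(hash_b64)
    actual = hashlib.scrypt(password.encode(), salt=salt,
                            n=int(n), r=int(r), p=int(p), dklen=len(expected))
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def register(user: str, password: str) -> None:
    USERS[user] = hash_password(password)


def change_password(user: str, current: str, new: str) -> bool:
    """Require the current password; the plaintext is never shown or stored."""
    record = USERS.get(user)
    if record is None or not verify_password(current, record):
        return False
    USERS[user] = hash_password(new)  # new salt, new hash
    return True


if __name__ == "__main__":
    register("alice", "deadlift-405")
    register("bob", "deadlift-405")
    print(USERS["alice"] != USERS["bob"])            # same password, different records
    print(change_password("alice", "wrong", "x"))    # False
    print(change_password("alice", "deadlift-405", "squat-315"))  # True
```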




