The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
lists.opensuse.org/opensuse-updates/2013-11/msg00036.html
lists.opensuse.org/opensuse-updates/2013-12/msg00024.html
lists.opensuse.org/opensuse-updates/2014-01/msg00045.html
bugzilla.redhat.com/show_bug.cgi?id=1027028
code.google.com/p/mozc/issues/attachmentText?id=199&aid=1990002000&name=ibus-mozc_support_ibus-1.5.4_rev2.diff&token=P62umpXGXx68XJT6zyvBA727wqE%3A1383693105690
github.com/ibus/ibus-anthy/commit/6aae0a9f145f536515e268dd6b25aa740a5edfe7
groups.google.com/forum/#%21topic/ibus-user/mvCHDO1BJUw