Yes, the browser auto-fill was the issue in some cases. So the advise is to use firefox and never to remember the passwords even for login form to ispconfig2.
I'm still monitoring the case, before logging to ispconfig2, always do the backup of /etc/shadow to get be sure of any modifications done by ispconfig.
Still get no idea about the behavior of ispconfig2. On user creation it simply adds the user password at the end of /etc/shadow and on ANY modification to the user, for ex. activation of antispam, the whole group of users will be rewritten at the end of the file /etc/shadow.
Thank you for the concern.