A few days ago (luckily) I read a PDF document that described a vulnerability in several password managers (like 1Passwprd, lastpass) that when they see say "google.com" domain they will autofill gmail's password field and user name (even if the fields are hidden on page) and when the user clicks on "continue" or "vote" (if it was a poll on the psge) the passwords are sent to the hacker.
So today on twitter I saw this guy
https://twitter.com/CoinMKTCapgiving a link to this page hosted on google.com
(be careful before clicking anything on the page)
https://docs.google.com/forms/d/1IZf5cBivam_93zENT_arFFuvWDidHGjWxoTMVmFSoWg/viewformNow why on earth would this be on docs.google.com if this is anything legitimate? Why not on your own site?
Right click and "view source" and I do see things like on the page:
^(focus|focusin|submit)$/i,r=/^(input|textarea)$/i,s=/^password$/i,l=!!("placeholder"in x);l|
If this page steals gmails passwords (and I think most likely it does), I would have fallen for this -- for sure --had I not read PDF that describes the hack just a few days before
https://www.isecpartners.com/media/106983/password_managers_nov13.pdf 
