Originally Posted By: joemikeb
You are absolutely correct! The number of dots Apple shows in the password field has ALWAYS lied since the first OS X public beta and maybe even before then. I remember a fair amount of comment/complaint about this on MacFixIt about this back in the day.

The idea is to prevent someone lurking over your shoulder when you are entering the password and getting the correct number of characters, thus making guessing the password that much easier. With today's brute force password attacks it probably doesn't reduce the risk that much, but every little bit helps.

There are also a number of apps I've seen show me only dots when I go into prefs to check something like its server connection, and notice there are more or less dots than I usually see (~10) "by default". Then I notice the number of dots matches the length of my password.

And then I say, "Ooooo I learned something today!" That almost certainly means that the app is storing the password in some "recoverable format", rather than as a hash. (anything you hash will turn into a string of garbage of the same length as every other hash) So when you see that, consider your information less secure, because a bored hacker can extract your password from that app. There may as well be a "Show Password" checkbox off to the right. (and I see that occasionally)

Apps should show dots as you enter a password, and then when you go back to review the settings, the password field should be some fixed number of dots.

I've even encountered a few apps that let me EDIT a saved password, while in dot form - "ok this password ended in a 7 or an 8... ok 7 didn't work, delete last dot, change to 8... ok that worked." If you try to edit the dots, as soon as you do anything, the field should clear and you are starting from nothing, because you can't edit a hashed password.


I work for the Department of Redundancy Department
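An added illustration of the field behaviour described in the post above (not code from any app it mentions): a small model of a settings-pane password field that stores only a salted PBKDF2 hash, renders a fixed number of dots on review regardless of the original password's length, and wipes the field on the first keystroke instead of letting the saved dots be edited in place. The names PasswordField, hash_password and verify_password are assumed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

FIXED_DOTS = "\u2022" * 8  # review-mode width: constant, unrelated to the secret's length


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the result is 16 + 32 bytes for any input length."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, stored[:16]), stored)


class PasswordField:
    """Settings-pane password field (hypothetical model): live dots while typing,
    a fixed number of dots on review, and a wiped field on the first edit."""

    def __init__(self, stored: Optional[bytes] = None):
        self.stored = stored      # salted hash of the saved password, or None
        self.buffer = ""          # characters typed in the current editing session
        self.editing = False

    def display(self) -> str:
        if self.editing:
            return "\u2022" * len(self.buffer)  # one dot per typed character
        return FIXED_DOTS if self.stored else ""

    def keystroke(self, ch: str) -> None:
        if not self.editing:
            # First edit discards the saved dots; they can never be edited in place.
            self.editing = True
            self.buffer = ""
        if ch == "\b":
            self.buffer = self.buffer[:-1]
        else:
            self.buffer += ch

    def save(self) -> None:
        if self.buffer:
            self.stored = hash_password(self.buffer)
        self.buffer = ""
        self.editing = False
```

An app that must present the credential to a server cannot hash it and should keep it in the system keychain instead; the fixed-dots review display still applies in that case.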