Use the “passwords” feature to check if one of yours is compromised. If it shows up, never ever reuse those credentials. They’ll be baked into thousands of botnets etc. and be forevermore part of automated break-in attempts until one randomly succeeds.
In theory auto-population is way more likely to save you from getting scammed because it won’t do it for a fake site, as the URL doesn’t match. In practice though most people are just going to be annoyed it didn’t work and do it manually anyway before they realize why it didn’t work.