This is starting to get a bit scary. Think about what would happen if you accidentally autofilled your email password in a username field.

https://onezero.medium.com/almost-every-website-you-visit-records-exactly-how-your-mouse-moves-4134cb1cc7a0

but it’s not news I’ve done user testing like this on sites to see why/what problems are. We just turn it off when it’s not in use
I’ve seen it done for UX testing before. I just didn’t realize it was on production sites. It shouldn’t surprise me, though.