While I personally would trust the Koding folks to be responsible with my credentials/SSH sessions, if you want a terminal in your browser using a server that you control why not use Gate One? (https://github.com/liftoff/GateOne)
It'll let you run whatever terminal app you like (defaults to SSH w/advanced features like session duplication).
And type passwords to remote host where ssh client's running. Nope, not cool at all.
A possible workaround is implementing SSH agent forwarding support in Chrome app. However, you still have to trust remote ssh binary to only do what it's supposed to do while you're connected (i.e. not log your communications, not open secondary channels doing some weird stuff and so on).
This isn't really the intended use case, sshing from your Koding VM to other servers. However the VM we give you is yours - you have root and full control over it, if there is something on there to capture your passwords then you put it there :) (We are not the NSA)
That is the least convincing security statement I've heard in a long time. So what if we have root access? You can still log everything or compromise the vm under the hood -- and there really is no way to prove otherwise AFAICT (trusting trust and whatnot). In this case, the NSA would least of my concerns!
It'll let you run whatever terminal app you like (defaults to SSH w/advanced features like session duplication).
Full disclosure: I am the author of Gate One.