I just installed heimdal on my notebook and found out that the password is printed on my screen as I type. A detail that might have the same source: there is no space after the colon of the "Password for PRINCIPAL:" prompt, where on systems where kinit does not show the password there is a space between the colon and the cursor when entering the password. Looking at the sources and grepping for "Password for", I see that heimdal-0.7.2/appl/ftp/ftp/kauth.c uses des_read_pw_string to read the password, which belongs to my dev-libs/openssl-0.9.8d. I also see that all this should be used only fpr KRB4, but the krb4 USE flag is unset on my system. So I don't know where this password prompt does come from.
Created attachment 101665 [details] emerge --info
Sorry there. I just found out that I've been using the kinit binary from dev-java/sun-jdk-1.5.0.08 not from app-crypt/heimdal-0.7.2-r3. Reason was a historic ~/.gentoo/java sourced by my .bashrc. When I explicitely call /usr/bin/kinit, I can enter my password hidden. Afterwards I get "krb5_get_init_creds: No ENC-TS found", but that looks rather like a configuration problem somewhere, so it probably isn't a bug, and it definitely isn't this "bug" here.