Iceweasel's (and Firefox's) habit of loading the contents of the X clipboard as a URL on a middle-click can get you into trouble. If you are pasting a password into a web page and accidentally click outside of the text box, Iceweasel will attempt to load the password as a URL. This sends the password over the network unencrypted as Iceweasel tries to resolve "password123". As a bonus, the DNS query may also be cached by a nameserver.

This behavior can be disabled by setting middlemouse.contentLoadURL to false.