I'll give you an answer that I think can clarify some points. Although this may not be the exact answer to your problem, in the understanding it may help you to eliminate some of your assumptions.
First, in some cases, the Google Bot populates yes, forms, and other types of input , but it does so only if it detects that there may be content of interest. As Google interprets this "interest" that only Google engineers can respond to you. But you can check details in this Google Webmasters' video , see from the 29th minute link
Given this, keep in mind that even if the Bot is meant to fill in the fields, these fields must be friendly to the Bot, this means that they should not, for example, be personal data fields including credit cards, cpf, passwords etc.
Google will decide on an individual basis if a FORM-Element on a page is considered to be useful and then try to fill out that form using a small number of different natural requests, made to simulate an actual user. >
Google only crawls forms which uses the GET-method and does not ask for personal information. Additionally, the form should be made up of no more than two input fields .
Translation
"
"
"
"
"
Google crawls only FORM that uses the forms method and does not request personal information. In addition, the form should consist of no more than two input fields. "
Source: link
Still about the Password field, see what Google's Help Center says:
Googlebot and all other web crawlers are unable to access content in password-protected directories.
" Googlebot and all other web crawlers can not access content in password protected directories."
Source: link
To complete here you have all the Google Help Center topics on how to block the content of Google Bots. Maybe there is something you can do reverse engineering to identify because the content is not indexed by Google.
link
