It can be a security risk in theory. I am not using Auto Fill anymore, because you never know if some malicious website can somehow trick the browser into sending your info. You might also want to read this thread: https://www.wilderssecurity.com/threads/password-manager-security-papers.365724/