The intermediate, untrusted computer (in this case koding.com's VM) can read my password.

This isn't really the intended use case, sshing from your Koding VM to other servers. However the VM we give you is yours - you have root and full control over it, if there is something on there to capture your passwords then you put it there :) (We are not the NSA)

That is the least convincing security statement I've heard in a long time. So what if we have root access? You can still log everything or compromise the vm under the hood -- and there really is no way to prove otherwise AFAICT (trusting trust and whatnot). In this case, the NSA would least of my concerns!

"This isn't really the intended use case, sshing from your Koding VM to other servers"

Yet in your own site you say: "Stuck on a Windows machine and can’t stand using PuTTY to SSH into work? "

I have to agree with OP, using this for any SSH work would be asking for trouble even if one were to use SSH keys with passwords.

Are you aware that passwords over SSL become even worse when the developer responds to criticism by setting up shill accounts?

Sorry what shill account is that ? I setup an account here today to answer any questions. Sorry for not using HN 24x7. Plus I am not a dev :)