@LL10890 Greetings, the question is? does MS Edge chrome or any browser leak your password if you save them in the browser? From what I can see when using WAC via Edge (MS Chrome version) at no point does it ask me to save my password to the browser so I assume it's a security function by default.
However, as WAC uses an SSL cert which is either self-signed or purchased your session is encrypted in any case. there is also the option to use InPrivate or application guard mode via the browser to add further security or you could use a sandbox version to windows 10 (if you use Win10 pro) to create a temp session for use when using WAC and once the container is closed all setting and history are reset to factory clean for next use. The sandbox option is overkill however I tested it and its all good. I have very paranoid friends.
If your on-prem then you can just use the internal IP and port which isn't exposing anything or if you have a work VPN then do the same, e.g. use internal IP and port for WAC. I assume you want to use the gateway so it can be used anywhere. I invested in a SSL cert to encrypt my WAC and use InPrivate mode in MS Edge when out and about.
However, there are times I don't have my laptop and need to access from another location so I trust in my SSL and redirected all traffic to HTTPS by default (and use incognito mode on whatever browser I'm using external which I have no control overkill as I have an SSL).
But to be honest an SSL is the way go for WAC especially in a gateway for more info google or bing "Install an SSL certificate in Windows Admin Center | 4sysops"
Hope this helps, Godspeed
