Since Java 1.2, JPasswordField.getText() has been deprecated "for security reasons", encouraging usage of the getPassword() method "for stronger security".
However, I was able to get the password stored in JPasswordField, at least in Oracle JRE 1.7, by analysing the heap dump (JPasswordField instance -> model -> s -> array).
So how does JPasswordField.getPassword() help to protect the password? Well, the documentation for it states:
For stronger security, it is recommended that the returned character array be cleared after use by setting each character to zero.
But, of course, if you use the getText method, you get back a String, which is immutable, so you couldn't carry out the same recommendation.
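The pattern the getPassword() documentation is recommending, as an added example that is not part of the question above: the caller takes the char[] copy, hands it straight to an API that also works on char[] (PBEKeySpec here, which has its own clearPassword() method), and zeroes both copies in a finally block. The getText() path is shown beside it for contrast. Only the copies the caller holds are under its control; the field's own model keeps the characters as the question's heap dump shows. The class name, the PBKDF2 parameters and the sample input "hunter2" are choices made for this example.

```java
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.swing.JPasswordField;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class PasswordFieldDemo {

    /**
     * Derive a key from the field contents without ever creating a String.
     * The char[] from getPassword() is a copy owned by the caller, so it can
     * be overwritten once it has been consumed.
     */
    static byte[] deriveKey(JPasswordField field, byte[] salt) throws Exception {
        char[] password = field.getPassword();   // caller-owned copy of the characters
        PBEKeySpec spec = null;
        try {
            // PBEKeySpec also takes char[], so the password never becomes a String here
            spec = new PBEKeySpec(password, salt, 100_000, 256);
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return factory.generateSecret(spec).getEncoded();
        } finally {
            // Follow the getPassword() javadoc: clear our copy after use ...
            Arrays.fill(password, '\0');
            // ... and the copy PBEKeySpec made for itself.
            if (spec != null) {
                spec.clearPassword();
            }
        }
    }

    /**
     * The deprecated path: the String returned here is immutable, so the
     * caller has no way to erase it; it lives until the GC collects it.
     */
    @SuppressWarnings("deprecation")
    static String leakyRead(JPasswordField field) {
        return field.getText();
    }

    public static void main(String[] args) throws Exception {
        JPasswordField field = new JPasswordField();
        field.setText("hunter2");                  // constructed sample input

        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] key = deriveKey(field, salt);
        System.out.println("PBKDF2 key: " + Base64.getEncoder().encodeToString(key));

        String unclearable = leakyRead(field);
        System.out.println("getText() returned a String of length " + unclearable.length()
                + " that cannot be zeroed by the caller");

        // Note: neither path clears the characters held by the field's model;
        // getPassword() only gives the caller control over the copies it holds.
    }
}
```

Compile and run with javac PasswordFieldDemo.java && java PasswordFieldDemo. The design point is that every API downstream of getPassword() should accept char[] (PBEKeySpec, KeyStore.load, Console.readPassword all do); the moment one of them wants a String, a copy you cannot clear has been created and the recommendation in the javadoc no longer protects anything.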