macOS 12 Monterey doesn't support my 2014 MacBook Pro, so I bought a new MacBook Pro in April. For a long time afterward I thought there was a bug in Keychain Access app that causes it to randomly launch in the background, behind the active app. I keep Keychain Access in my Dock and launch it from there, typically to copy a password and paste it into a form. (How many times must I enter my Apple ID??) I finally realized yesterday that this coincidence was the cause! Whenever the keyboard focus is in a secure text field, Monterey launches apps in the background. All apps, not just Keychain Access app.
Below is an example to illustrate. On Monterey, put the focus in the Password field and then launch an app from the Dock or from Spotlight. (Make sure the app isn't already running, otherwise it will be brought forward.)
This behavior happens in every web browser, e.g., Safari, Google Chrome, and Firefox. It happens in the Music and TV apps with the "Sign In to iTunes Store" dialog. It happens in Keychain Access itself, if you create a New Password Item and put the focus in the Password field. Oddly, it doesn't happen if the focus is in the Notes field of a New Secure Note Item. Also oddly, it doesn't happen in App Store app if the focus is in the Password field of the "Sign In to App Store" dialog. I'm not sure what causes these few exceptions.
I searched the web for documentation of this behavior and didn't find much — nothing from Apple, sadly — but there was an interesting Stack Overflow question: "On Monterey, while NSSecureTextField has focus, Hammerspoon can no longer bring another app into foreground". (Apparently Hammerspoon is a macOS automation tool. I'm not familiar with it.)
In retrospect, it turns out that I had encountered this behavior before in a slightly different situation. Shortly after I updated to Monterey, I noticed that apps kept launching in the background if Terminal app was in the foreground. After much debugging, I isolated the problem to the "Secure Keyboard Entry" setting in Terminal's main menu. I filed Feedback with Apple (FB9986784), and Apple engineering wrote a response:
This is intentional; since we can't know the user's reason for wanting secure text, we won't allow another application to pull itself forward without the user's explicit permission, because a launched application could accidentally get sent keystrokes that the user expected to go into Terminal.
Apple set my Feedback resolution to "Works as currently designed".
Although Apple considers this behavior to be a feature rather than a bug, I personally consider it to be a bug rather than a feature. The intention may have been good, but the implementation is bad.
Is there a way to rescue this as a security feature without removing it? Yes, I think so.
defaultscommand rather than exposed in System Preferences (or System Settings, sigh), but there needs to be a way to opt out of Apple's security paternalism.
By the way, I highly recommend Little Snitch to protect your privacy and security. I'd take Little Snitch over almost any security "feature" made by Apple nowadays.