On the "Administration->Authentication methods" page it is possible to set "Show on login page" for "Username and password" to off. Although the wording on the page just indicates the option is not shown on the login page, customers expect that the form based mechanism for authentication is actually disabled when this option is set, not just unlisted. The product should be updated such that the setting meets this expectation.