Details - https://protect.login.yahoo.com/login/set_pref?faq=1#faq2, it's called "yahoo sign-in seal".
But if you have a session cookie, then you hardly need a password. Unless we are talking about a public computer where you need to enter your password.
I am talking about the times when you DON'T have a session cookie, and you are prompted to sign in with a password. That's the thing that could be spoofed.