But it doesn't matter what you or I can prove the site does or doesn't do with our passwords; my dad or aunt shouldn't type their passwords into random forms on the internet. Whether it tells them it's using k-anonymization or not.
You still wouldn't pop your dev tools open but then type your real password into a random form on the internet before you'd kicked the API-tires with some fakes.
Anyone who isn't prepared to kick the tires and hasn't established a trust relationship has no business doing it.