Autocomplete is activated by user interaction, not javascript events. The only way to trigger this would be a phishing attack, where you tricked the user into entering their information in.... but in that case, you're not really benefiting from autocomplete because they would have given it to you anyway.
Yup. Also worth noting is that this is a proof of concept, a real attack would likely use non visible form fields and background automatic data transmission. I think most people would agree that there's a world of difference between a phishing attack and an automated drive by attack.
