I do believe one Russian exit node (was/is?) doing that .. by posting usernames/passwords (I guess they're dunning dsniff or whatever on their TOR box and piping the output to a webserver).
Their stated motivation for this was to drive home the point about end-to-end encryption, but I question their methods, which brings me to
http://tor.unixgu.ru/