At Facebook's scale, I'd bet someone has research and evidence of 7 digit per year reductions in support costs by making capslock (or forgotten capitalisation) problems "go away"...

Why would you imagine that? In my experience, it's much harder to turn on caps lock by accident on mobile.

The first character is often auto-capitalized in many input fields by your mobile browser.

If a field is properly declared to be a password field (<input type="password" name="pwd">) of course ideally this wouldn't happen (plus, the characters get masked with stars, and hopefully what you type doesn't end up in your autocorrect dictionary, etc etc) - but it's full of shitty browsers out there.

GP was specifically referring to caps lock inverse, not initial character capitalization (which I agree is more likely to be the problem).

autocapitalize="none" on input elements works since iOS 5, and seems to work on modern Android based on a quick google search.