[kking50]

Curious how that's a security issue? Bookmarks are just public links, so there's no problem if someone sniffs them out, right?

Do you mean if a site stores cryptographic information in the url? Or is it the act of syncing with your local machine that introduces surfaces of attack on your local system?

[wtbob]

Firefox Sync used to be protected with high-entropy keys; now it's protected by a (likely) low-entropy password. Moreover, even if one uses a high-entropy character sequence as a password, Mozilla are able to target one with malicious JavaScript and snarf that password at will.