[jogjayr]

Given the number of people I've seen step away from their desks without locking their machines (in the tech industry, no less)...I don't think "hack relies on physical access to the machine wontfix" is an entirely reasonable response from the Chrome team.

Maybe they could make you enter the system password for this action too like they did with saved passwords (earlier, saved passwords were visible in plaintext but now you have to enter the system password to see them)

[ineedasername]

It's not at all a reasonable response. A small bit of malware could eliminate the need for physical intervention: programmatically logout, login with the thief's account to sync, then log that one out too.

The response smacks of an attitude that "once a machine is even a little compromised it's not our responsibility what happens. Physical access is a compromise, therefore we don't have to fix our own loop hole."

This is like a safe company saying, "Well, of course someone that breaks into your house can also open the safe by saying, I'm the owner out loud."