[Joakal]

That only tackles the master password for every site issue. It does not solve the password being plaintext.

For example, Facebook has a central ID and if they don't protect the password that gets exposed, someone could use the password to withdraw money from another section of the website.

[pavel_lishin]

You can store money on Facebook?

[Joakal]

Not quite. At the moment it's virtual currency [0]. My point was that security holes increase as service increases in complexity. Especially when it's used for everything and becomes a hard lesson in SPoF for users, like the money example.

[0] http://www.facebook.com/credits/

[anonymous246]

Yeah, nobody can prevent a leaked password from being used to the site from which it was leaked.

This extension is helpful because people reuse passwords: a leaked password cannot be used to causes damage on other sites.

Obviously, I agree that sites shouldn't store passwords in plaintext, but good luck enforcing that.