by GlitchMr 1411 days ago
I don't think there is anything wrong with storing passwords unencrypted locally, assuming the machine itself has encrypted storage. Malware that retrieves passwords from a password manager could get them from an unlocked password manager as well.
3 comments

Reading a file and code execution (which is required for reading another process's memory) are two different levels of vulnerabilities.

Essentially, if you have a piece of software with a bug that allows someone to remotely read files from your system, your browser-stored passwords are compromised, while your passwords stored encrypted are safe-ish, depending on how good your passphrase is.

Of course, if you have malware that can run arbitrary code on your system, you are hosed either way.

> Malware that retrieves passwords from a password manager could get them from an unlocked password manager as well.

A decent password manager will require explicit user approval before disclosing passwords to clients. Regrettably, few do this.

Encrypting your mass storage devices doesn't protect against malicious code as by definition the filesystem is unlocked once you're logged in. Mass storage encryption is primarily protection against physical access.