[sstarr]

I don't think that saying if someone has access to your computer then you're screwed anyway is really an excuse.

You talk about lulling users into a false sense of security but do you have any idea how many Chrome users assume that their saved passwords can't just be viewed in plain text with a couple of clicks? I had no idea until I read Elliott's article and I immediately turned the feature off and deleted all my saved passwords.

[markjs]

If a technical person with a bit of knowledge and a few minutes has access to your computer then yes, you're a bit screwed.

If the broadband engineer comes round to investigate your connectivity issues and you (sensibly) watch over their shoulder while they fiddle with your browser settings, looking away for 10 seconds shouldn't result in them having ALL your passwords.

It's about ease & simplicity of breaching the "security" for non-technical people as well as techies.