Hacker News
by astalwick 4695 days ago
With the feature, I can explain to my mom, my girlfriend, my sister how to steal passwords from any Chrome browser. In a way that they will remember and be able to repeat tomorrow.

Without it, I can't.

That matters.


I am not interested in security features that work only against my mom, and you shouldn't be interested in them either.
So, but, really: I am interested, as are a lot of other people. Hence the gnashing of teeth.

I'm not thrilled by the security community's black-and-white stance that if it can't stop a Defcon attendee, then it's not real security and it's not worth doing.

If my mom can be stopped, and it's simple to stop her, then I really don't get the resistance. 'False sense of security'? Yeah, that ship has already sailed. That's why the Guardian is writing articles like this - people are surprised to learn HOW trivial it is to steal passwords in Chrome.

You make it sound like that stance is elitist, but it's the opposite: it's our knowledge of how easy it is to get to the level of "Defcon Attendee" that motivates us not to implement cosmetic security features.
But it's not. Not THAT easy. I'm a developer, with a fair bit of experience, and I'm nowhere near the average Defcon attendee. (Unless I'm badly overestimating their abilities).

My mom? She asked a shop owner, two days ago, 'do you have a, uh, online thing? You know, with the pictures?'

And yet, "Mom, experiment: type 'chrome://settings/passwords' in my browser and see how many passwords you can steal in 60 seconds".

You are badly overestimating their abilities, for instance by assuming that the typical Defcon attendee can code. We're talking past each other. Just take my word for it that bypassing the proposed "master password" is even easier than I've managed to make it sound.