I love that the developer's defense is that he could have sold our passwords to someone but (supposedly) didn't. That really instills confidence in his morals, doesn't it?
My claim was not that I could have sold your passwords, it was that I could have sold the extension! Last time I checked, the extension itself was my property and I could sell it to whoever I want. What the buyer does with it shouldn't be any of my concerns. I was just pointing out that, if I would have sold it, the buyer might have been the kind of person that would do those terrible things.
Would avoid this developer 100% from now on, Chrome or otherwise.