About the first thing: he means that Google stores them in a way so that they can access the data – instead of doing end to end crypto with a password derived key.
It's only true because he's stuck the words "by default" in there. The button to set a password-based key is in the menu and then it does end-to-end crypto.
If you don't give it a key, it does the best it can with an impossible problem.
Technically, due to having a Google Account, there would be a way for that.
And if you set a master password for Chrome mobile, you can still access everything without this password on desktop chrome, and in reverse.
As you are logged into your Google account anyway, though, they should just use your account identifier as seed for the key if no other option is available.
If you don't give it a key, it does the best it can with an impossible problem.