Once the attacker has the username, password and access to the computer, the game is already over. I can't see how adding anything on top is nothing but smoke and mirrors.
As addressed in the post - there are no mitigating factors in the scenario of accidental exposure. The lowest hanging fruit would be a dumb hashing function which uses some master password.
If you've been hit with an OS compromise you're pretty much SOL, but it shouldn't be so easy to grab highly sensitive data from accidentally exposed profiles.