by mukyu 4003 days ago
This article is simply incorrect. The passwords are only stored in plaintext when there are no OS-level or desktop environment options available to protect them.[0] In the absence of such a system, where exactly do you expect Chrome to store the encryption key for the list of passwords?

[0] https://code.google.com/p/chromium/wiki/LinuxPasswordStorage

edit: Apparently there are people that run either incredibly old versions of Chrome or don't run a keystore daemon and actually upload all of their dotfiles to GitHub, so I guess that part is technically accurate.

1 comments

Off the back of a napkin - the key should never be stored anywhere, first of all. In the absence of keyring/keychain/etc., it'd be trivial to introduce a master password implementation in the browser client which is XOR'd with secret credentials and stored as such.

Obviously not a 'secure' system by any stretch of the imagination but it's an order of magnitude better than storing in plaintext.
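
The master-password idea from the comment above, as an added example that is not part of the original thread or of Chrome's code: the plain XOR scheme next to a salted variant that first stretches the password with PBKDF2. All function names, the iteration count and the sample values are assumptions made for illustration, and the PBKDF2-derived keystream stands in for the authenticated cipher from a maintained library that a real password store would use.

```python
import hashlib
import hmac
import os
from itertools import cycle

ITERATIONS = 100_000  # assumed work factor, chosen only for this illustration


def xor_store(secret: bytes, master: bytes) -> bytes:
    """The scheme as described: repeating-key XOR with the master password."""
    return bytes(s ^ k for s, k in zip(secret, cycle(master)))


def exposed_key_bytes(stored: bytes, known_secret: bytes) -> bytes:
    """XOR is its own inverse, so one known secret reveals the key bytes used."""
    return bytes(c ^ p for c, p in zip(stored, known_secret))


def _derive(master: bytes, salt: bytes, n: int) -> tuple[bytes, bytes]:
    """Stretch the password into a 32-byte MAC key plus an n-byte keystream."""
    material = hashlib.pbkdf2_hmac("sha256", master, salt, ITERATIONS, dklen=32 + n)
    return material[:32], material[32:]


def kdf_store(secret: bytes, master: bytes) -> bytes:
    """Salted variant. Entry layout: salt(16) || ciphertext || tag(32)."""
    salt = os.urandom(16)  # fresh per entry, so no keystream is ever reused
    mac_key, stream = _derive(master, salt, len(secret))
    ct = bytes(s ^ k for s, k in zip(secret, stream))
    return salt + ct + hmac.new(mac_key, salt + ct, hashlib.sha256).digest()


def kdf_load(blob: bytes, master: bytes) -> bytes:
    """Verify the tag before decrypting; reject wrong passwords and tampering."""
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    mac_key, stream = _derive(master, salt, len(ct))
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or modified entry")
    return bytes(c ^ k for c, k in zip(ct, stream))


if __name__ == "__main__":
    master, secret = b"hunter2", b"constructed-site-password"  # constructed values
    print(exposed_key_bytes(xor_store(secret, master), secret))
    print(kdf_load(kdf_store(secret, master), master) == secret)
```

With plain XOR, any single credential that is known or guessable exposes the master password itself; in the salted variant the password never appears in the stored bytes and every entry gets its own keystream.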