Yes... smug levels are so high they're toxic. Look, security isn't about 'secure' and 'insecure', it's about more or less secure. It's true that with physical access to your computer a trained person can, with sufficient time, do anything they want. The key issues are the skill level of the intruder, and the time available. Most intruders wont be very skilled, and /or they wont have much time. Chrome's approach is just incredibly sloppy. With virtually no skill, and in no time, someone can grab a list of your passwords to take away and have fun with in their own time. The average user would expect that some kind of effort is made to protect their passwords, and they are entirely right to do so. They don't expect it to withstand an attack from the NSA, just make it harder for a jealous girlfriend / boyfriend to steal their Facebook password so they can go away and monitor all their private messages.... I get asked to do this for people a lot, by the way.