Users have differing expectations with respect to security. I obviously don't use Chrome's password saving function, because I'm aware that it will give my passwords away with ease.
Still, though, I find Chrome's practices in this respect rather crazy. The security I expect from the password manager is not that it will stop a person who really wants my passwords, but that it will allow me to lend my laptop to Joe Random Untechnical Friendquaintance to look at a web site, without feeling like I can't leave the room for two minutes because it's just that easy to see all my passwords. That's as simple as (say) a reversible hash.
I don't expect chrome's password saver to be secure: I'd just prefer it to not go out of its way to present passwords to the public. Or, at least, to make it very clear to users that their passwords can be seen that easily.
Finally, there's absolutely no reason why an untechnical user would know that chrome will give up their passwords like that - why would they?
Still, though, I find Chrome's practices in this respect rather crazy. The security I expect from the password manager is not that it will stop a person who really wants my passwords, but that it will allow me to lend my laptop to Joe Random Untechnical Friendquaintance to look at a web site, without feeling like I can't leave the room for two minutes because it's just that easy to see all my passwords. That's as simple as (say) a reversible hash.
I don't expect chrome's password saver to be secure: I'd just prefer it to not go out of its way to present passwords to the public. Or, at least, to make it very clear to users that their passwords can be seen that easily.
Finally, there's absolutely no reason why an untechnical user would know that chrome will give up their passwords like that - why would they?