> you can do the same with any password manager. If you don't lock your "vault" any of your passwords are exposed
True, but:
1. People are aware of that, it is an expected threat vector so at least a little less likely to be an issue. The behaviour of the FF password generator function is unexpected (to many) so is a hidden potential problem.
2. Good password managers have the option to auto-logout after inactivity which can mitigate an attack if not performed quickly.
3. Other similar attack vectors existing does not mean this one shouldn't be considered for closure, or if not closing by changing the behaviour perhaps instead adding a warning.
I think it would make sense to create a "regenerate" button or something like that.