At least on Windows, Chrome uses a provided API function which makes the encrypted data only decipherable by the Windows user account used to encrypt the password. So essentially, your master password is your Windows account password. As a result, once you are logged into Windows using your account this data is decipherable by Chrome.
Right but that's really not going to help in most situations.
You've never handed your laptop to a friend to quickly check something on the web?
It would be insulting if you were to explicitly logout whenever someone wants to use your computer for a few seconds / minutes. This flaw makes it easy to view passwords in seconds, and makes it easy to do so in an inconspicuous manner.
It's a user interface failing more than a security issue.
