"locking" the passwords would require intermittent master-pass entry like `sudo`, this would come off as an inconvenience to many users.
I think people here miss the fact that many users, even if they say they want more security, are unwilling to give up convenience and will switch platforms (i.e. browsers) if that's what it takes to get a smoother experience. In many ways (in this particular instance) security vs. convenience is more or less zero-sum; the Chrome team has decided users would prefer more convenience, which means less security. The Chrome team is giving users what they want: ease of use.
However, Pidgin “would encourage integration with keyrings” [0]. At least on OS X, Chrome uses the integrated keychain and, as Elusive mentioned [1], it apparently does encrypt passwords on Windows too.
So, I think Pidgin’s situation is a bit different and if they would have keychain integration they may solve this differently than Chrome does right now.
On OS X, Chrome pulls the passwords out of the keychain and then makes them completely accessible in plaintext through the settings/passwords page. I have no idea why it does this.
Keychain is accessible through standard system API calls.
Apple does not require any sort of approval or valid developer certificate to use the Keychain. Any app that attempts to access the Keychain will trigger a system-level notification to the user informing them of what the app wants to access, and allowing the user to "Allow", "Deny" or "Always Allow" the request.
I was floored that they let such an ignorant comment into the first paragraph:
> This is somewhat controversial in Windows, due to its weak file protections, but that's the way things are.
I read this as: we haven't bothered to look into the APIs for this... The Windows file permission model is a lot more granular than the "uid/gid/other" that most people are familiar with from Unix. Maybe this is a problem if you install to FAT32, which Windows has disallowed since 2006.
Edit:
Apparently the text used to be:
> This is somewhat controversial in Windows, especially Windows 98 due to its weak file protections, but that's the way things are.
A user MarkDoliner then wrote:
> We no longer support Windows 98, so don't mention it.
But somehow, in his editing, he neglected to make it a true statement.