If they're autofilled, which is the very reason to store them, then it doesn't matter how deep you store them. The browser will dig it for you automatically.
But only after the password store was decrypted after providing the master password, or not? And that is good enough for me. If I let someone to use my computer, of course I will close the browser before. So he can use my computer, launch the browser, but will not be able to access my passwords, since he doesn't know the master password.
