Comment 7 for bug 1996267

A333 (agrrr3) wrote :

> > According to the chromium document cited, this is wrong.
>
> If it applied a rot13 to your password

...it would be the same security level against anyone who has ever read anything about security as storing it in plaintext. That is just obfuscation.

The point was not that it is plain text. The point was that it is unsafe. And in your cited discussion thread, jdstrand also refers to the situation as
> with it not connected the passwords are stored in effectively plaintext on disk

If there is no (secure) secret, there is no added security level.

> > For many people an autoconnect for the password-manager-service would probably solve this
>
> Then you're welcome to follow up in [1], in which the automatic connection of the interface has been
> declined. I cannot override the policy reviewers' decision.

Referring to that thread is a sensible answer.

Probably there should be a feature request for an auto-connection to some kind of restricted password manager (where a snap can only write and read its own passwords), which may be manually connected to one of the usual password managers if the users decide so.

If what jdstrand writes is true...

> Other snaps that plug password-manager-service also have access to chromium’s passwords.

...I think the current password manager situation (all connected snaps sharing passwords) is kind of broken. Probably the same kind of broken as on a normal desktop, but snaps are supposed to be sandboxed.