So, I just took a look over at Engadget this morning and found this article:
While I always understood that, if I saved a password, someone could view that page as me, I did NOT realize that with a modicum of knowhow, that same person could also view what all those passwords are! So while I know that the best practice is NOT to use the same password for multiple sites, I may use the same PW for, say, amazon and my bank. Which means that while I might have been willing to let someone browse around my amazon account, if they know what they're doing, they also can now see the actual password for my bank account.
Thats right, not just open the page in the hopes that I've saved it, they can SEE your damn passwords.
Maybe I'm the only one who didn't know this existed, but it's a little scary. Wanna see how it works? Point chrome to chrome://settings/passwords - what will come up is a list of sites for which you've saved your password...with the passwords blocked out with asterisks, as you would expect.
What I did NOT expect was that there's a damn "show" button right there! How the hell did I not know about this before???