Access to browser data as described in the reported scenario would require the device to already be compromised.

Encrypting passwords / loading them into memory on an as-requested basis limits the scope of what gets compromised on a compromised device. The “performance” insinuation in the article is BS, other browsers autofill just fine without keeping all passwords plaintext in memory.

With this vulnerability, scam artists will be able to harvest all of a user’s passwords within a minute of connecting. Older folks fall for these types of scams all the time.

By Microsoft logic, you may as well leave a safe unlocked since access to its contents would require that your home have been compromised already.