(no title)

Simply gaining physical access to the machine should ABSOLUTELY NOT enable an attacker to extract practically all web passwords in something like 15 seconds, without any special tools.

Are you completely ignorant of how the OS X Keychain works and should be implemented application-side, or are you just willfully ignoring it?