Credential theft will always be possible as long as creds are stored whether it’s the browser or the OS.