But you can always conceive of some would-be attacker with a given skill level. You conceived of a child who knows about Chrome settings but not about keyloggers, and thus concluded that there should be a master password in the browser.
But I could just as easily conceive of an attacker who knows how to read a computer screen but doesn't know how to use basic window management, and thus conclude that the browser window should always display all saved passwords as long as the user can minimize the browser.
Or toward the other end of the continuum, I could conceive of an attacker who knows how to install a keylogger but doesn't know how to lift and spoof fingerprints, and thus conclude that the browser should require a fingerprint scanner to recall saved passwords.
These arguments need to establish why the line should be drawn in that specific spot, rather than just mentioning the line and describing the types of attacks it can thwart.
But I could just as easily conceive of an attacker who knows how to read a computer screen but doesn't know how to use basic window management, and thus conclude that the browser window should always display all saved passwords as long as the user can minimize the browser.
Or toward the other end of the continuum, I could conceive of an attacker who knows how to install a keylogger but doesn't know how to lift and spoof fingerprints, and thus conclude that the browser should require a fingerprint scanner to recall saved passwords.
These arguments need to establish why the line should be drawn in that specific spot, rather than just mentioning the line and describing the types of attacks it can thwart.