The way I understand it is that the Chrome extension encrypts the key strings with a password you use to unlock and sign transactions. The software asks for just your posting key or active key, so it’s the minimum required to do most things. If anything suspicious happens from hacking of your computer, they can’t do anything on Hive unless they know your unlock password for Hive Keychain. I don’t know if a key logger captures the password, but it’s safer than broadcasting the transaction to a third-party server that then signs it for you. I’m not too technical for this particular stuff, but it’s safer in my experience! Fewer vectors of attack.
If you’re concerned with protection, try getting the Tor Browser or Brave. I use Brave personally and it’s great with the upgraded security measures.
Thank you.