No problem, 1 correction though, the master owner private key/password should never be used, only if you want to change it (if it gets compromized). Instead you only need 2:
- Posting Private Key: for posting & upvoting
- Active Private Key: for moving money & SP
The active key can move money, but it can't change itself, so if a thief gets their hand on it, he cant lock you out. And seeing that you have your money in SP, you can easily see if somebody has intruded in your account, he probably cant steal a much money before you noticing it.
The owner private key should be kept at maximum security, and should be only used for as backup if you want to change it.
I am not sure but I think you can generate the keys in the Steem wallet software safer than through browser, but I am not sure on this.
But if you change the owner key in browser you have to login at least once with it, to view your other keys, so there is some risk there that an MITM attack can steal it, although that depends on how safe HTTPS is.