My understanding of SteemConnect is that they never see your private key. They use your key to create a permission token on your device.
I would really love to be corrected about SteemConnect or why this service provides more security
It is true that SteemConnect never sees your key as it is currently built, but since you are entering your key into a site served by them, they have access to see your key and could see it if, say, someone hacked their server and modified it to do that, or if a malicious site posed as steem connect in a phishing attempt. With the browser extension websites will never get access to your keys in any way, so even if you visit a malicious site or a legitimate site gets hacked, they will never be able to get your keys.
That's the difference. It's not perfect, and it doesn't mean that you don't still need to be careful with your keys and what transactions you sign. But in my opinion it is a significant improvement over SteemConnect when using a browser that supports it (only Chrome and Brave right now but more to come).
As far as extending SteemConnect to an extension, that's not as simple as you have made it sound. They are very different products built to do very different things. I believe it was the right call to build this extension from scratch to do what we wanted it to do rather than try to modify SC to do something it wasn't built for.
Thanks for explaining it to me! It's nice to see someone literally introduce a solution to the problem at the same time that I brought it up... lol. Nice work!