Sort:  

Many sites are using offline tokens, if they get hacked, the users are screwed equally like putting the private key directly into. But the hacker doesn't even need to get it from the localStorage but take it directly from the database of the server. And its not really easy to prevent phishing here either.

Why not making a solution like steem keychain for all browsers? =)

Yeah did everyone forget utopian-io and the compromised keys via steemconnect? I guess so. Amnesia?