1 | initial version |
No idea why smc does not trigger a 'store password' response from the browser.
Also, this holds for most browsers (opera is an exception): if some other user has access to your machine, they can simply open the browser settings and read off your stored passwords in plain text. So, storing passwords in browsers may not be that good of an idea! :)
That said, every time you are about to log in to a server, you should check that the site has https connection and the certificate is valid. Most modern browsers make this very prominent in the urlbar when the site is a legit site (usually a part of the urlbar is highlighted as green).