OK thanks for letting us know, I always wondered about this. So this would mean that if your password file gets stolen, the file should still be encrypted. That's why I never understood why browsers never beefed up their password managers. You might as well use the browser itself, instead of having to rely on third party tools. But only if browsers can guarantee that passwords are savely stored. And the password file shouldn't even be accessible to other apps. Currently that's not the case.