Add-In Permissions
One of the add-in permissions is "Access your data for sites in the “named” domain". I looked at that and thought, "That certainly cannot include passwords"; BUT the explanation for this permission is: "The extension could read the content of web pages you visit in the specified domain, as well as data you enter into those web pages, such as usernames and passwords. "
I was stunned.
That means that addins that get this permission have access to my banking/medical/etc. usernames & passwords. This is not acceptable. Can a permission be developed that would be: "Access your data for sites in the “named” domain" (except usernames/passwords).
The permission "Access your data for all websites" is significantly worse in that it applies to all sites.
Alla svar (2)
This is a precaution. It doesn't mean that this add-on actually reads your passwords or it could send this data anywhere.
The add-on does not necessarily ACTUALLY read the username and password, but does that permission mean that the add-in COULD read the username and password ? If so, is there a way to raise a warning if it does?