I think the only reasonable way to achieve Tavis' conclusion would be for browsers to start providing actual password management APIs for extensions. I agree that locking in all my passwords with my browser vendor would be unacceptable.
This isn't really what I want: This allows the extension to communicate with a native app, and that's often used to implement password managers. But actually I would prefer if extensions don't use native components at all, especially password managers.
What I want is an API for extensions to hook into the built-in password field detection and auto-fill mechanisms of the browser, while providing their own storage mechanism for the password data (maybe by connecting to a cloud service or something). This would avoid every password manager having to re-implement its own workflows for those things.
