Still, this is scary to me:
This kind of attack once again shows how important our work is on the Firefox Account Manager to keep our users safe. User names and passwords are not a secure method of doing authentication; it’s time for the browser to take a more active role in being your smart user agent; one that knows who you are and keeps your identity, information, and credentials safe.
No way. I specifically do not allow my browser to store my passwords. I try not to let it store my history. I don't let it (or Google for that matter) suggest urls as I type into my address bar. This is because I believe a browser should be a stupid barrier between me and a site. So this idea that FF4 will have a session manager is going too far for me. A browser who knows your underwear size is a liability when it gets compromised, and so long as it's being asked to run all sorts of scripts (Java is coming back, and Ruby has been taking steps in client-side), it's not secure.
Seriously, I want the NoScript guys to include other browsers, pleeeease. And WebVisum. And a few other things.