Right, but most browsers aren't owned by money-losing startups desperate for any bit of training data they can get their hands on as scaling taps out.
I really doubt OpenAI consciously wants my passwords, but I could absolutely see a poorly-coded (or vibe-coded, lol) OpenAI process somehow getting my keychain into their training set anyway, and then somebody being able to ask Chat-GPT 6, "hey, what's Analemma_'s gmail password?" and it happily supplying it. The dismal state of LLM scraper behavior and its support (or lack thereof) of adherence to best practices lends credibility to this.
I really doubt OpenAI consciously wants my passwords, but I could absolutely see a poorly-coded (or vibe-coded, lol) OpenAI process somehow getting my keychain into their training set anyway, and then somebody being able to ask Chat-GPT 6, "hey, what's Analemma_'s gmail password?" and it happily supplying it. The dismal state of LLM scraper behavior and its support (or lack thereof) of adherence to best practices lends credibility to this.