So either we have to come up with a nice encryption scheme with a master password, or we have to store a session or other token and let it be up to the user to protect the user data. This is important for any other app as well, you can probably just copy someone's Chrome metadata and have access to all their stuff.