Just to be clear, any security they could put on top of that would only be a deterrent to inept or non-criminal-minded people since encrypting those passwords is reversible and not allowing them to be seen inside Chrome wouldn't stop other tools. One alternative is to require a password to unlock the keychain, but I suspect most people don't actually want that (to have to type in a password in order to allow Chrome to autofill a password for them).