Why anyone would hold any significant amount in a Chrome extension is beyond my understanding. Even if you’re using MetaMask, use it in hybrid mode with a Ledger.
Because it is used by people, not cybersecurity experts. From the vendor's website[0]:
> Our position is simple: Your wallet. Your keys. Your crypto. Built-in private key encryption and a password-protected login means you’re always in complete control.
An average person that reads this wouldn't think about needing to add more protections.
Still, it's disappointing how (understandably) inept the average person is at reasoning where they should and shouldn't be placing trust in tech. It's also disappointing to be involved with the tech industry, broadly speaking, and frequently witness shit shows of security incompetence and outright charlatanism. We can all do better, right? How we do that is definitely a question.
The base level of knowledge for computing is poor because computing is new in history.
How do I know what you personally trust is trustworthy? Some people use Protonmail trying to avoid lawful prosecution, thinking they're protected, and they will tell you they know what they're doing. A lot of the time there is too much noise for the common human to make an informed decision.
There is absolutely nothing preventing a developer using a crap RNG in some other wallet...and indeed it's happened several times over the years on various platforms.
It does sound like wasm makes the misstep somewhat easier in that it doesn't try to provide an RNG sufficient for cryptographic usage, but that also applies to quite a few other development platforms.
Because the secure options are less convenient. I mean a YubiKey is less convenient because it's another physical device you shouldn't forget to put in your device and take out / with you at all times, etc.