The problem is, I want my phone to be able to authenticate with way more than just Google services.
And I want it to be able to do that in a way which doesn't require me to remember several dozen secure-against-2012-vintage-password-cracking-techniques.
I _know_ that sometime in the next year or two we'll see another password leak like, say, LinkedIn's recent one - so I know I need to use 12+ "upper, lower, number, and 'special'" character non-dictionary passwords to ensure I'm not trivially exposed by rainbow tables or gpu crackers.
A quick count on my phone just now, there's at least 33 different services my phone "remembers" it's login for. Some of them use OAuth-style authentication (Twitter and Flickr, for example), and some (Google, Facebook, and Amazon) are 3 factor auth protected (but, against a rooted phone that wouldn't help much, since I'm using the Google Authenticator app to generate the auth tokens, if my phone were under someone elses control they could watch me using and unlocking the authenticator app...)
But there are still dozens of services - email accounts, websites, web service backed apps - that require the phone to have access to the cleartext password, either from me remembering it and typing it in, or from it's own storage mechanisms - secure or not.
My phone would be _remarkably_ less useful to me if it didn't store passwords, or only worked with services that didn't require password storage.
The decryption keys aren't just sitting out in the open so any amount of encryption is better than none.
This is like asking why would we encrypt data on a server since the decryption keys are accessible.
Of course they are, they're needed to decrypt the data. But at least it takes more time to find the keys and that "can" be a deterrent much the way "The Club" is a visual deterrent that can still keep a car from being stolen by demanding too much time to break it.
When you properly encrypt server passwords, they are not supposed to be decrypt-able. Whereas, this is supposed to be a two-way encryption as you need to access the raw data. Ergo, any form of encryption you can do can be easily undone and thus rendering your efforts moot.
Without device encryption, encryption of the passwords is useless, given root access, since the key is somewhere on the device as well. If anything, the only crime here is not using access tokens but storing the whole password.
With device encryption, the situation changes slightly. Unlike iDevices, most (all?) Android phones don't come with a hardware encryption chip, so, given a vulnerable bootloader, full-device encryption doesn't do much in the way of security. Under a secure bootloader, device encryption should be secure as well.
I don't see how a hardware encryption chip could keep me from installing a key logger via an insecure boot loader. What exactly does that chip even do?
