A good safe is judged by the time required to break it. There is no safe that is unbreakable; you just need to put in enough time, effort and noise to open it. The same thing could be applied here. Installing software, dumping the cookies and so on requires time. Right now with this security a person could get my password in a couple of clicks with almost no technical knowledge. I'm not talking about a clever hacker, but rather a random person in a cafe with wifi asking someone if she could check her emails and stealing the password while staying in Chrome. Again, it's not about making it impossible to retrieve, it's about making it a bit harder than just clicking the "show me the password" button.
Of course I would never give physical access to my machine to anyone I don't trust. I always lock my computer when leaving it unattended... but I really doubt that anyone acts like that. It's a pretty geeky thing to do and the mainstream crowd isn't as worried about security.
Let's say the master password solution isn't good because of the feeling of security it brings. Instead why not never show the password? Just say to the users it's stored on your system, but don't show it in plain text in Chrome.
My point here is that there is little to no value (unless I'm missing something) in displaying the password in plain text, but there are some drawbacks (easy to see for semi-technical people). So why have this feature in the first place?
This being said, security through obscurity is never an optimal solution, but again going back to my "safe" analogy (not unbreakable, just hard to break). If a hacker wants to change the password, it takes a few clicks to locate a site where the user could be logged in. Then the clicks required to get a new password. Add the delay of email reception and so on... It takes more time and effort to do that than just click "show me all the passwords" and take a photo with a smartphone. Plus doing so will give you 1 password only.
About the keyboard presses count, let's say I use both mouse and keyboard.
ctrl+, (shortcut to settings)
click to advanced
click to manage
It's 4 operations. In my opinion, it's way shorter to do that and get ALL the passwords of a given user than to try to change the Facebook password. Again, and I'm really stressing this, it's not about making an unbreakable system. It's just making it a bit harder to break.