TL;DR on recent versions of macOS, including High Sierra, arbitrary apps can dump the full OS keychain (including your plaintext passwords). I tweeted about this last night which included a link to a video demonstrating this attack. Since 140 characters isn't really enough space, I wanted to clarify a few things. Q: What is the keychain? A: Detailed by Apple in a document titled "Keychain for Mac"