Why does Mozilla Firefox encrypt saved passwords?

It's probably to simplify the implementation. Rather than having two cases where the key store could be encrypted or not depending on whether Master Password is set, the code always encrypts.

This reduces the likelihood that a code path that forgets to encrypt when Master Password is enabled goes unnoticed.


I'd say that the reason is to obfuscate the stored passwords, and that the "remember websites passwords" feature in Firefox is supposed to be always used with a master key.