There is a simple fix for this and FireFox uses it. Simply, allow users to create a master password to view stored passwords. They don't need to be asked to enter it every time they log into sites so the ease of use remains. But, if a stranger gets a hold of their machine, they will be one giant step farther from retrieving their passcodes.
PS. This was always an issue with Chrome, and it is why I don't use Chrome on my mobile machine. Safari has a similar problem. So I recommend 1Password for mobile computing if those are your browsers of choice.
As far as I know, Safari uses OS X’s keychain which means you practically have a master password (very likely your user account password, although you could use a different keychain). If I try to retrieve a password (either through Keychain Access or Safari’s Preferences) I get asked for my “master password”.
PS. This was always an issue with Chrome, and it is why I don't use Chrome on my mobile machine. Safari has a similar problem. So I recommend 1Password for mobile computing if those are your browsers of choice.