skid

I was at a friend's party a week ago and he was playing music on youtube. I mistakenly logged into his Google Chrome (this is a recent feature) with my google account and logged out immediately when I realized my mistake.

Some days later I logged in and connected my own Google Chrome with my google account. I got all the friend's bookmarks, which is ok. A day later, I opened the browser and tried to log into gmail (I didn't have the "remember me" option turned on) and I got my friends email AND password pre-filled in the gmail login form. I could read his password with document.getGetElementById('Passwd').value.

Has anyone also done this? Google is apparently syncing your passwords unencrypted.