Javascript provides a mechanism to restrict function variable access to closures that capture them. These variables then behave as private fields that can not be read by any external code. Here's a crude illustration.
var masterPasswordSafe= function()
{
var masterPass;
return {
setMasterPass: function (pass) { masterPass = pass; },
generateSitePass: function(site) { return ... ;}
};
}();
masterPasswordSafe is set to the object literal returned by the invocation of the anonymous function. masterPass can only be read by functions in the masterPasswordSafe literal and none of them return the master password. The master password can only be set, used to generate passwords but never retrieved even by passwordMaker itself.
If this technique can not be circumvented by extension javascript running in Firefox, and can therefore protect against rogue or compromised (hacked) or vulnerable extensions then I think it's worth using. Currently I feel uneasy leaving the master pass in memory, though that's exactly how I would like to use passwordMaker.