Internally in memory, the PasswordMaker Browser Extension stores the master password encrypted. However, whenever it must display the master password, the master password is decrypted. Unfortunately, there is no way around this. The PasswordMaker Browser Extension does its best to proactively clear sensitive memory after it is needed, but this is not fool-proof. If someone were to:
and know where to look, he likely could find the master password (decrypted).
Just as there are no guarantees in life, the same is true with PasswordMaker :)
Let me know if you have other questions,
Eric