I noticed this as well, I used to do the same and so did everyone I know. I stopped used any Chrome based solution after seeing that if my Chrome was sync'd to my phone, and my phone was unlocked, someone could open Chrome on my phone and, with only my phone's PIN to unlock the vault, view all my passwords. This seemed super weak. So I switched to a different method of storing and generating passwords. But as far as I know, most people I know just use Chrome's password manager. And you know... I haven't ever heard of a Google breach where vault databases have been breached...