GNOME Bugzilla – Bug 583484
seahorse allows application access to keyring without password
Last modified: 2009-05-21 18:25:10 UTC
Please describe the problem:
This is to document what I see as a security flaw in seahorse: Once a keyring is unlocked, one can display passwords in clear text simply by allowing seahorse itself access to the keyring WITHOUT HAVING TO ENTER A PASSWORD; this allows someone walking by an unlocked gnome session to *very quickly* get at all the user's passwords (yes, the user should have locked the screen, but given that this "exploit" can be done in 10 seconds or less, it's not practical; or for example, I should be able to let my bookkeeper (not a hacker) sit down and fix my spreadsheet without having to remember to lock every keyring beforehand - there is no timed autolock in seahorse either?)

The Mac OSX keychain access tool does the proper thing, IMO: it requires the keychain's password in order to modify the access control on any password in that keychain (that includes access by the keychain access tool itself). This makes casual snooping more difficult.

Steps to reproduce:
1. walk to an unlocked terminal running a gnome session
2. double-click on any password in the login keyring
3. click allow-once when asked to allow access by seahorse, then click "Show Password"

Actual results:
Password is displayed

Expected results:
I should have been challenged using the keyring's password

Does this happen every time?
yes

Other information:
Autolocking the keyring(s) after a given period would be useful too, though not a complete solution to this problem.
Thanks for the bug report. This particular bug has already been reported into our bug tracking system, but please feel free to report any further bugs you find.

*** This bug has been marked as a duplicate of 551036 ***