I think your point is valid with respect to experienced, technologically-proficient attackers. But as Berners-Lee points out:
The attack is by colleagues, members of family, etc, not by hardened black hats.
As readily available as tools like John the Ripper and its various clones are, the average user (parents, schoolmates, stalkers) probably won't think of, or be able to operate, such a tool. These are the kinds of attackers who will, when asked for a master password, either start guessing or just give up. Hence:
Well, in a lot of places with say teenager culture or work groups, if you leave your computer open you know people will read your Facebook and may even send messages as you largely for fun.
It is a different damage level of security failure for someone to get hold of the password and be able to log in and stalk them at any time in the future.