Windows already has a secure kernel credential store, they could move the Edge password store there with a bit of effort, minimize the splash damage when you retrieve a single password to send over HTTP from the regular user space.

> Credential Guard prevents credential theft attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets (TGTs), and credentials stored by applications as domain credentials.

> Credential Guard uses Virtualization-based security (VBS) to isolate secrets so that only privileged system software can access them.

https://learn.microsoft.com/en-us/windows/security/identity-...