I've always hated that argument. Yes, if someone as access to your local file system, you are already SOL, but if that machine is part of an org, they aren't necessarily SOL except for now those plain text passwords can potentially be used for easier lateral movement to hit other, more privileged accounts (if you had access/had them saved in that password manager). At minimum, those credentials can now be used to phish the rest of your organization.

Stopping the spread is just as important as protecting any individual machine.