According to the official plans, Firefox should become more secure this year, and protecting users from attacks is indeed an important goal.
The insecure-forms warning message has helped users become more aware of the importance of an encrypted web. Personally, I use strong passwords, and I find it exhausting that the browser can’t generate strong passwords for me, so I have to switch to another application to generate them. The browser Sync feature is very helpful, and we no longer need to remember or write down our passwords, so together with strong password generation we get pretty good phishing protection: a website that pretends to be Facebook but uses a different, similar-looking domain won’t trigger form autofill with our real Facebook password. In addition, I suggest showing a warning message if a user reuses the same password on multiple websites, which puts them at greater risk of becoming a phishing victim or losing their whole online identity: if, for whatever reason, their non-unique password is exposed on one website, an attacker can use the same credentials to log in to the others.
In the long term, I hope that one day we won’t use plain-text password forms anymore and will use something better, such as OpenID or OAuth, but in the meantime, providing better security in the browser’s forms would better protect users everywhere online.
Here is a bug I filed recently asking to add a strong-password mechanism to the browser’s password forms and to enforce unique passwords across websites. What do you think about this idea? Do you have more suggestions on how to make Firefox more secure?