I thought extensions also mostly ran in their own processes, with messaging access into the tabs? So a password manager would have its critical code in its own process and only access the tab to look for fields to inject into, and hence be protected.