For general readers: Its pretty safe when done via a browser plugin to a website because the plugin both verifies the website (anti-phishing) and uses auto-fill rather than type (it directly injects into the target field rather than typing, so clickjacking isn't a risk).
Its rare that I use passwords outside of the browser now, but windows and mac allow system credentials to mitigate the same risks for desktop apps (the app must support it).
