So... don't use a weak password. (Saving the password on your computer, including 'Remember this password' automatically makes it weak.)
Use lowercase, numbers, uppercase and symbols. A lot of people (probably close to half) forget about the last two. Make it long (at LEAST 8 chars) and not in the dictionary, nor a concatenation of words in the dictionary
Actually, some 2003-2005ish malware can directly "read" into your ********* password fields and saved passwords and send them around, but at the moment this stuff is not the featured malware of the month.

The featured malware of the moment are the "keyloggers" - a phenomenon exploded along with World Of Warcraft diffusion.
Ill minded third world countries criminals (or regular hackers too) redirect gullible or not paying attention people into tampered with internet sites.

Typically you'll read a post or a blog with:

"Latest news" or "Nice girls at"

http://abcd.xyz.cn/goto.php?blah blah

(notice the ".cn" and "goto.php", not obligatory but a lot spread keylogger URL parts)
which believe or not, attract a fair share of clicks.

As users click that, malicious software gets installed to send the hackers everything, really everything you type.

In this case, having your passwords saved into permanent fields would save you typing them and thus preventing the hackers from getting your passwords, credit card info and much more.

Finally, at least when I created my Paypal account (many years ago), it checked for "weak password" and would not accept the 6 characters + numbers password I typed and so I had to put a safer one anyway.

I was right, I did forget the password
Click on the "I forgot password" like link and you can retrieve it by answering some questions yourself indicated at account creation.

1) If you snail mail us your credit card info, we will promptly shred the envelope, burn the shreds and then eat them.
Hmm, so you got your personal Lunus clerk burning and chewing on stuff?

2) If you email us your credit card info, we will promptly smash the computer, burn it and bury the pieces in the desert.
Hmm, you hired Shulahravaukar. Lunus indeed!

What makes me unhappy is that they mail me junkmail offers with my full CC number, address, personal info, etcetcetc inside. Weeee. I hope no scammers ever figure out that company does that. One of these years I'm going to have to get a credit card from a real bank, and not one of these "we have no branches and only exist online, except for our headquarters which are in our CEOs mother's garage!" banks
My bank would never do that. The little they send is in special double "walled" envelopes with random patterns to make reading in transparency harder, plus a black sheet around what they sent.