It's vastly more likely you'll be pwned by remote passwords than local programs. Even if it is a local program, there's so many ways to store a password there's no automated way to reliably get a password. Your threat model will become a person targeting you specifically, thumbing through your files to find information, etc.