@OP: can you explain more precisely what you did?
He looked into his own system memory and was amazed to discover stuff.
In his last post he said he managed to make a browser plugin that was able to read the pw when user entered it on blockchain.info. That would be a serious threat.
That's how it's supposed to work. When you open a Blockchain wallet, you're opening it in your own computer RAM. Your own browser is going to read at your own password, because he needs it to decrypt your wallet in the memory. Yes, there's a vulnerability when you type your password and use it to decrypt your wallet, since you can intercept the password at that moment (using a keylogger or any malicious software). But it's nothing new, that vulnerability always existed. If you use the official Bitcoin software and type your password to decrypt your wallet, you have the same vulnerability. Your password is going to exist in a decrypted form in your system memory at a point in time. We consider the risk acceptable simply because RAM is so volatile.
The difference between blockchain.info and other online wallets is that the point of failure is at each user computer, instead of being the server itself.
tl;dr
TradeFortress is trolling.
He might be trolling, but he's not saying: "I found blockchain pw in my memory". He's saying: "I can write an extension that will send me the pw if installed in the browser by someone". That's a big difference. It's not exceptionally hard to make a browser extension that will be installed by many bitcoiners. Up until now I thought it'd be hard to make one that send the blockchain.info pw home. I'm not so sure any more.
