When I study about default browser in android, I see the password that saved by it does't encrypt. Is it security threat? Is there any way to an android application that reads these password and abused them (with respect to this is possible to read browser history)? Is there any CISSP way to encrypt these passwords?

Update: I see the passwords saved in /data/data/com.android.browser/webview.db file. Does cookies for default browser save in this file, too? If it is true, the sites access to this file for read and write cookies, and then a malicious app that resides on a site, can be access to webview.db.