If someone gets physical access to your computer, I still think you're pretty much hosed. This has become more of an issue as computing has gone from desktop to mobile computing, as people are more likely to accidentally leave a laptop or a smart phone somewhere.
On the Firefox password, permissions, etc., the remote risk to me seems to be that options like remote desktop expose your hard drive. I also am not sure how secure the Firefox profile areas are. They're obviously exposed to the browser, which interfaces with the web. Firefox provides this information to different web sites. With physical access, it's pretty easy to get these passwords without doing anything sophisticated. Just crank up the browser and use either the bookmarks or the browsing history to surf to the site, and bammo, Firefox provides the login and password. Google chrome is also very loose in remembering and supplying passwords. Don't know about IE, cause I never use it. While these functions can be changed in preferences, most people want it convenient.
I've lost track of the number of laptops lost by company and government employees. These laptops will have unencrypted databases with tons of personal information on them. Even if you keep your information secure, Mr. Social Security, your insurance agent, your retirement account administrator, or the state agency that maintains driver's license information has all this information aggregated. It's not just hacking your computer that's a risk. Also, many of the cc company identity thefts are inside jobs, and a lot of IT work is outsourced. I strongly suspect a lot of back doors have been built into secure programming code.
Keep in mind in the Windows world c$ is automatically shared, anybody that can get to your network can get to your drive without having to access your computer, from there it’s just a matter of navigation and copying. With that it all winds up depending on how secure the network is, and a lot of people home network these days, with surprisingly little security.
In the end computer security is like physical security, mostly you’re just trying to erect enough barriers that they decide somebody else is easier. Criminals are after all lazy people.
And yeah, then there’s all the other ways you’re at risk that you have no control over. It’s a wild and woolie world. Probably the best security is to stay so broke nobody actually benefits from stealing your stuff ;)