Currently, viewing stored passwords require that the user enters the master password, but strangely, deleting an entire username+password entry requires no form of authentication.
I noticed today that I can delete a saved login without entering the master password. This is a terrible security lapse as an adversary can sabotage saved login information. From there, all sorts of attacks can start.
