alt Hacker NewsThere was a recent comment: "if you don't know: any browser extension can read input/password fields across all site(s) you gave it access to (yeah, it's crazy but unfortunately true)."
https://news.ycombinator.com/item?id=47553048
Would either WF or LW fix that? Is it true?
Nothing to "fix" per se - webextensions need to interact with website data, otherwise they wouldn't be much use. Any extension with content script access can read page content including form fields.
The only real mitigation is being selective about which extensions you install and what permissions you grant them (even then, ownership of extensions change hands, updates can change what they do... it's a never ending battle really).