Perhaps I’m missing something. It seems another comment already addressed the essential issue. My understanding is loopback requires access. While I get it a nefarious person may be able to acquire that access, said breach is the more serious issue.
I’m all for making the entire password passing process as secure as possible. Unfortunately, much of the mechanism is subject to the inherent paradox of humans hate hassles and delays. Besides, according to the annual roundup of preferred passwords, the top 1,000 strings are well known.
PS: I totally agree cloud storage of passwords is insane:
1) Create a target. It will be attacked and most will be compromised.
2) If someone says their cloud storage is safe, they’re either naive or lying.