Without device encryption, encryption of the passwords is useless, given root access, since the key is somewhere on the device as well. If anything, the only crime here is not using access tokens but storing the whole password.
With device encryption, the situation changes slightly. Unlike iDevices, most (all?) Android phones don't come with a hardware encryption chip, so, given a vulnerable bootloader, full-device encryption doesn't do much in the way of security. Under a secure bootloader, device encryption should be secure as well.
I don't see how a hardware encryption chip could keep me from installing a key logger via an insecure boot loader. What exactly does that chip even do?
Without device encryption, encryption of the passwords is useless, given root access, since the key is somewhere on the device as well. If anything, the only crime here is not using access tokens but storing the whole password.
With device encryption, the situation changes slightly. Unlike iDevices, most (all?) Android phones don't come with a hardware encryption chip, so, given a vulnerable bootloader, full-device encryption doesn't do much in the way of security. Under a secure bootloader, device encryption should be secure as well.