With Keychain, malicious website code cannot steal your private keys. With Keychain, all signatures are made using the extension, which defaults to you approving every signature.

Using this model, you should never need to enter your Steem private keys into a website, which should greatly reduce the possibilities to have your keys compromised.