Bad guys can already do this right now, and the url still shows the bank's domain, so non-technically inclined users are no less protected.
Technically inclined users probably never navigated to the url in the first place.
Your specific example is a flaw in the specific website, and there is little Chrome can do when a website is coded in a insecure way that persists across all browsers (and web standards).
encfs looks really cool in that it will transparent encrypt files and they look like regular files to dropbox etc, but they can go on any file system and encfs will still recognize the encryption when they come out. So that's always an option.
Sadly, the Windows port of it that I've tried is really buggy. I had to use it inside a Linux VM to really use it.
He who has but four and spends five has no need for a wallet.