So you're proposing every time the browser launches it gets the private key from Google?
Sandboxing to prevent JavaScript is already in place. So current scenario or your scenario, the risk of content-based malware breaking the sandbox to execute code in user-land is the same. So it doesn't really matter if the private key is stored at Google or locally on the machine.
The only thing your scenario does over the current scenario is block the casual user from hitting "show password" if they step up to someone's unlocked machine while they're away from the keyboard. And even still, the UI could be programmed to display the password the way it currently does.
No matter what, it comes down to "if I trust the software to decrypt for me, then the software will decrypt for me, and anything that can act as me (without additional credentials) can trigger the decrypt".