Or they should require the user to re-enter the credentials during the restoration.
Technically, that's what happens. Safari doesn't store any credentials itself, they're stored in the system keychain and Safari asks the keychain whenever it needs a key. The keychain itself has a master password and its contents are encrypted.
On the other hand, by default the keychain password is set to the login password and is automatically unlocked when the user logs in. Further, most users choose to have their computers automatically log in at boot - so there is no effective protection if someone gets ahold of their computer.
You can change those defaults to be more secure. Apple chose not to make that the default as most people simply don't care.
Personally, my keychain password is different, my computer doesn't automatically log me in, and the keychain locks itself after 15 minutes or system sleep. This is annoying as I have to authenticate myself every time an application needs something from the keychain - something a regular user wouldn't put up with.