Why key4.db isn’t encrypted?!?!
It’s a sensitive file which can be used to get all saved logins, without logging into the OS.
It’s rare for users to make it safe using Primary Password capability in Firefox Settings. also when Primary Password is set, the performance drops specifically.
I offer using Operating System Keyring Service (ex. DPAPI in Windows). Google Chrome has implemented this feature. So Chrome have a safer password manager.