Using the secondary secure keychain Mac OS X is a nice way to store all your web username/passwords in one place. If you turn on Safari's autocomplete passwords you can manually lock/unlock this secondary keychain when you are using sensitive websites. The problem lately is that most of these websites are putting the autocomplete='off' in their html so Safari wont attempt to store them/retrieve them from you keychain. There should be some override provided so that you can still stores these values in the keychain. http://www.geocities.com/technofundo/tech/web/ie_autocomplete.html
The bug is irrelevant to Webkit in my opinion. It's Safari UI issue. You should file enhancement request via http://bugreport.apple.com.
This is a Safari issue. Marking as RESOVLED/INVALID because this can't be fixed in WebKit. See: <rdar://problem/3451594>