No they aren’t. The only time you see it in plain text is if you export passwords. If you go look at your passwords in the file location, they are encrypted.
Passwords are encrypted using your OS keyring. In other words, the password you use to use your device is what keeps it secure. If you try to go into your password manager, you’ll see they have to put in your OS password to view anything.
This here is your problem. Your user accounts should be password protected and never be logged in. You also shouldn’t be giving anyone access to those accounts. Why are you giving anyone access to any device and/or user account that has your personal information on it? That should only be done if you trust them.
And as to this point, it’s been addressed many times and already has existing feature requests. For example, below: