I'm quite sure the article is talking about the way to pay that is stored inside not the real wallet.
Because if I'm wrong and your browser will store your private key I can see a lot of phishing scams, trojans, malware and everything that is nasty and can infect a browser targeting this.
Actually I don't feel comfortable with anything that is supposed to "make spending BTC easier" that comes with decreased security for your coins.
from what i understood it is a payment "request" API not something to send the payments or have any access to your private keys or anything like that.
for example you (as a merchant) create a Hierarchical Deterministic wallet offline and get its master public key and give it to your online browser setup system or that API. then it can create all your public keys (bitcoin addresses) without ever having access to your private keys and you request payments with a new address each time. safe and secure.