Security of native messaging?

Question

I have a NPAPI plugin for sign-in data on website.

I want to replace it by Native Messaging technology. I have read the documentation, but I have a question : Is this

Answer 1

You realize, of course, that Native Messaging will ONLY work within the bounds of the machine: With native messaging the browser will communicate with your host application over stdin/stdout.

So what exactly is the problem here? If the Hackers are capable of listening to your stdin/stdout they are already on your machine - you've already lost.