Can save passwords. Default login keychain has password that matches your user password. You can change this but causes two step issues.
Default keychain no longer syncs across macs. Lost this when mobileMe turned into iCloud.
You could have secondary keychain file or use a symlink to cause syncing across dropbox. This still only helps OSX. It is no good on iOS devices.
You can dictionary attack keychain files.
If you use the single user mode password reset trick because you forgot your user password you can log into your mac but it does not reset your login keychain password. This is assuming also that you have not implemented hard drive encryption such as filevault 2.
1) Passwords: This is what we expect from keychain
2) Secure Notes: Text note container. 1Password can do this as well but 1Password can embed images.
3) My Certificates: These are from ones you add yourself for services like encrypting/signing email.
4) Keys: Public/Private keys. Some automatic like iChat encryption keys. Some you obtain and add like mail encryption.
5) Certificates: The majority of what is in this container is all the trusted SSL Certificates.
Type CNNIC in the search field. This is a trusted China root certificate. That means anything they sign will show up as trusted in your web browser, not cause prompts by most applications etc. I right clicked mine, Click Get Info, Expand Trust and I changed to Never Trust across the board via “When Using this Certificate”