I think you've got to put this into perspective:

1. Passwords stored by IE are for external services. They're obviously known by the service providers (who are not terribly trusted) and are sometimes sent in the clear. There may be some passwords for important things though.

If something is sufficiently important, they should use a challenge / response (enter the 1st and 3rd digit of your pin) or physical token (securID etc)

2. If you are worried about someone getting into your machine when your back is turned, either you have a lot of very untrusted people in your department, or you aren't locking your screen when you should.

3. If someone *did* get access to the console when you were logged on, even briefly, they could pop a keylogger on there in a few seconds, which would defeat all the measures above.

4. If someone got physical access to the machine in your absence (presumably when you weren't logged on), they could still plant a keylogger easily and undetectably.