Still, somehow keychain would have to know the passwords, and presumably they would have to be encrypted with the login password of the current user. So it would still be possible for the current user to extract their own passwords. I don't think it is possible to hide passwords on the client side.