Of course. I wasn’t trying to answer the question with my last comment, though, but more trying to ask for a use-case (that doesn’t fit my “image” about it).
The thing, as far as I see it, is that as long as we assume the plugin source code to be “scrambled enough” to not get reverse engineered, encrypting the information is basically all one needs (as in this case, it is possible to make it as difficult to decrypt as required; this then is no less secure even though it is exposed. Add 1000 files looking similar and it isn’t any more exposed than some storage XD might be able to provide). On the other hand, if we consider the source code to be unsafe (which it basically is without an implementation of something like “Can we get some kind of simple integrity check for plugins? And maybe real protection someday?”), it doesn’t matter how securely something is stored: as long as a plugin can reach it, I can simply edit the plugin’s main.js, inject some malicious code and get the secret logged right into the console.
Therefore, my question would be if I’m getting this all wrong (and the use-case is actually completely different and doesn’t have these problems), since in the other case, the above would apply, meaning there basically currently wouldn’t be a way to have a truly secure storage, even if there were such APIs.
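
Added example, not part of the original post and not XD's own API: a sketch of the integrity check the comment refers to, where a host keeps the key outside plugin code and releases a stored secret only when the plugin's main.js still matches the hash pinned at install time. `HostSecretStore`, the plugin id, the file contents and the token are all hypothetical, constructed values.

```javascript
const crypto = require("crypto");

// Constructed stand-ins for a plugin's main.js as shipped and after local editing.
const shippedMainJs = 'module.exports = { run(secret) { return secret.length; } };\n';
const editedMainJs = shippedMainJs + 'console.log("edited");\n';

const sha256 = (text) => crypto.createHash("sha256").update(text, "utf8").digest();

// Hypothetical host-side store: the key lives with the host, never in plugin code.
class HostSecretStore {
  constructor() {
    this.key = crypto.randomBytes(32);
    this.entries = new Map(); // pluginId -> { pinnedHash, iv, tag, data }
  }

  // Install time: pin the hash of the shipped code and seal the secret under it.
  put(pluginId, mainJs, secret) {
    const pinnedHash = sha256(mainJs);
    const iv = crypto.randomBytes(12);
    const cipher = crypto.createCipheriv("aes-256-gcm", this.key, iv);
    cipher.setAAD(pinnedHash); // binds the ciphertext to this exact code hash
    const data = Buffer.concat([cipher.update(secret, "utf8"), cipher.final()]);
    this.entries.set(pluginId, { pinnedHash, iv, tag: cipher.getAuthTag(), data });
  }

  // Load time: release the secret only if the code on disk is unmodified.
  get(pluginId, mainJsOnDisk) {
    const e = this.entries.get(pluginId);
    if (!e) return null;
    if (!crypto.timingSafeEqual(sha256(mainJsOnDisk), e.pinnedHash)) return null;
    const decipher = crypto.createDecipheriv("aes-256-gcm", this.key, e.iv);
    decipher.setAAD(e.pinnedHash);
    decipher.setAuthTag(e.tag);
    return Buffer.concat([decipher.update(e.data), decipher.final()]).toString("utf8");
  }
}

// Runs both cases: the shipped file gets the secret, the edited file gets null.
function demo() {
  const store = new HostSecretStore();
  store.put("example-plugin", shippedMainJs, "constructed-api-token");
  return {
    unmodified: store.get("example-plugin", shippedMainJs),
    modified: store.get("example-plugin", editedMainJs),
  };
}
```

The check only has value when it runs in the host, outside the files a local user can edit; the same logic placed inside main.js could be removed along with everything else.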