To me, the Google "download all synced Chrome/Android *plaintext* passwords as a CSV" feature represents a dangerous single point of failure, and your security policies ought to prevent syncing.
9
42
146
Conversation
Replying to
Users can set a sync passphrase to enable end-to-end encryption for the synced data. If you don't have a sync passphrase then access to the account is access to the passphrases. Removing this interface would only serve the hide that fact. It could still be downloaded via the API.