RE: New App to Secure Your Steem Account

in #steem, 8 years ago

No one is going to guess the password Steemit made for you; however, that password is stored in your web browser, making it vulnerable to XSS attacks (as has already happened) and any other attack which compromises your browser. A browser is a huge attack surface. Also, if Steemit.com's servers get hacked, they can be corrupted to steal your password as well. Browser plugins/extensions could steal your password too, etc., etc.

Steem Pressure is not built using web technologies, and does not run in a browser, so it's a very, very small attack surface. I am also well trained in software exploitation, and I take care in all of my software to ensure that I use secure coding practices and handle data safely. That being said, I'm only human and I can and do make mistakes, so it is possible that Steem Pressure could be hacked despite my best efforts, but doing this would be even more difficult and time-consuming than hacking Steemit's servers.

Attacking Steem Pressure is also comparatively low-reward, since an attacker would have to start over from scratch for each user he attacked, whereas if he compromised Steemit.com he'd get all the users who keep their passwords in the browser at once.

> Steem Pressure is not built using web technologies, and does not run in a browser, so it's a very, very small attack surface.

This implies that Steem Pressure is never going to be turned into a browser plugin, right? I guess this would be good in terms of UX but it will make Steem Pressure less secure. Do I understand it correctly?