Whilst researching another question, I've noticed that on OS X 10.9.4 there are many instances of Library/Keychains/login.keychain from ~ within the Data folder of what looks like apps from Apple App Store within ~/Library/Containers.
Is this merely a coincidence, or does this mean that any random app from the App Store can so easily get a hold of all of my passwords in one go?
No. Just because there is an alias to something from an app's sandbox container does not mean the App has access to it -- that's still controlled by the app's entitlement list (and I strongly suspect Apple would reject any app that requested direct access to a user's keychain files). Also, even if it could access the file directly (as a non-sandboxed app could), the passwords are encrypted, so it'd still have to get past that layer of security.
