In Chrome Phishing, Robert Hanson blows the lid off the “Google knows what it’s doing so Chrome is secure” idea. He argues that Chrome has a long way to go before it’s a mature browser, free of easily-exploitable holes.
Remember the old username-looks-like-web-site-in-the-url trick? http://email@example.com/ is an example.
Try it in Chrome. Now try it in Firefox. Security is hard, even for Google.