Since you are doing local crypto sigs, it protects you from bad security practices by websites (storing credentials in plaintext, not salting hashes) or even data breaches that allow bruteforcing a password.