Precisely. What really makes Meltdown/Spectre so dangerous is that user-space code (read: "web browser") can potentially image your kernel memory. Secrets like passwords or keys may be stored in memory while it is being siphoned out to some remote party who is exploiting your machine and these secrets may, in turn, be useful in further breaking into your network, your system, your emails/logins, spoofing (certificates, public-keys), or - for crypto-holders - even your wallet. So, that's the risk profile for Meltdown/Spectre. These are strictly read-only attacks. Folks, go read the whitepapers and the official announcements from the affected companies (I have) before spreading FUD.