That is a fair question. At this point for staking in browser there is no way to use it encrypted so the security is only in the hands of the computer user (have a good AV solution like BItDefender).
Best practice to avoid this is run a very small VM in which you install Linux terminal miner and use encrypted wallet for staking. But this takes a higher degree of knowledge.