This is not possible, the passcode is the "only" protection towards keeping this data safe. All browsers handles the keychain in the exact same way.
If you go into settings
passwords and auotfill
then click any website
after typing your lock code you can see your full ID and Password for all websites visited.
I think this is a serious security issue. All someone needs is your code and they can have access to all your passwords.
Shouldnt the passwords be encrypted or just show dots?
Don't you have a serious password to be able to get into the phone in the first place? What do you mean by "All someone needs is your code and they can have access to all your passwords"? Even if your "code" is "03MaClRiHe&48"?