You should trust the autofill on your password manager because a lot of phishing attacks will make a very convincing website. You should use full disk encryption, just turn on file vault or DM crib. Use key ring and pick an appropriate back end for the level of security that you need in each place where your code's deployed.