As of yesterday, Jaxx’s director of business and community development, Charlie Shrem, told ETHNews he categorically denies this allegation: He said,

“There is no vulnerability, no one lost funds here. The author of the article basically says that someone can retrieve your 12 word backup seed if they have access to your device. If you aren't securing your device (pin, password, encryption, etc) how can you blame JAXX if someone steals your unsecured device and steals your money?

Do other wallets secure better? Yes! Can we do a better job? Yes! We are, and we have solutions for all security related matters including this one such as double encryption.”

I just don't understand why Jaxx has not committed to the short-term improvement of implementing a user-supplied passphrase for backup phrase encryption for their desktop / chrome extension products. This would really not be difficult to do, but it would reduce user risk significantly.