There is a related feature on the phone. I can identify and record "safe" locations on the phone so that when the phone is found to be in that location it does not require a password. You are automatically logged in by GPS location. This is great when you're home or maybe even work... if you do not mind the obvious complications.
So you can see that if your:
- SmartLock knows home is safe
- the phone has auto unlocked
- and paired with a ChromeOS device
- and the devices are in range
your ChromeOS device will auto unlock with a click of a button. (you can temporarily disable this feature by clicking on the lock when you logout).
This is a particularly good feature when your in public. Clearly you do not want people to see what you might have logged into and correlating that with your password which can be captured with a gopro or even the store or coffee shop store camera. It's no longer the thing of science fiction. So having your phone handy, and unlocked, means not having to worry about your password.
However, this does create a different attack vector. If you at a location that is not SAFE then you need to unlock your phone manually; which can be recorded. And then there is the potential that there is a backdoor for the Bluetooth detector thing/code. All someone needs to do is steal your phone and get to one of your safe locations before you and they have access to the family jewels.
The good news (a) I do not have the family jewels on my phone. (b) the tough ones still require a password. (c) I never access them from the public.
The bad news (a) it might still happen if one of the vendors I depend on is vulnerable and I've been exposed. (b) someone is able to steal my computer and phone and get to my safe place before me... or even at some distance depending on the geo limits of SmartLock.
The really bad news is that Google has not yet provided a killswitch so that SmartLock can be disabled from anywhere. Once the bad guy has my phone and computer changing my password may not help.