@argv_minus_one Hard to say. Neither of us has tried it. For performance reasons, browsers are pretty aggressive about not painting windows that are obscured, so this might come down to having the attacker's page up and active and then you walk away (and maybe not even lock the screen). Also, the demo wasn't a screenshot of all of that user's Wikipedia page; it was a few hundred pixels.
@Lee_Holmes It could be predictably zoomed in on where Wikipedia shows your user name.
But as stated, it does seem to have significant questions about using it in the wild. Any bank or financial websites don't use cookies for login to begin with. Data could be read with a very large iframe on a phished website, but with this exploit it would soon look bizarre, and it would be much easier to get the credentials directly if you already have the user visiting your site.
