The security team can take a look at this again, especially if the technical situation has indeed changed since the original decision was made.
when used from a snap (or flatpak) libsecret will default to store the secrets in a local file encrypted with a secret provided by the keyring
I just tested this by making a small snap that uses libsecret and without doing anything special, it added my secrets directly into the Login keyring (and would read from it), so it seems to me as though the default behaviour hasn’t changed, (unless of course I did something wrong). I did not specifically use portals.