Any program you launch can do the same thing as any other program you launch, so read documents, search history, downloads, etc. until UAC is involved. Not sure how that's disturbing or surprising, really. Windows (and Linux) doesn't have sandboxing as it is not a closed ecosystem like Apple's or Google's, despite Microsoft trying really hard with UWP. I'm actually happy it's (still) that way.
I might have missed something but from what I've seen that's not true. Your session cookie expires after your browser is closed, after which you will need to login again.