I don't know the internals, so I'm guessing, but for password sync between iCloud devices Apple might require a hardware protected key (like in a TPM). In which case it does make sense that this requires a native process running on the host. At least until that can be exposed in a meaningful way through a Web API. I doubt it's as simple as querying the iCloud servers for the plaintext password.