If someone gain access to the browser with the imported cert, he/she will be able to authenticate to all the connected sites. But that holds true for all websites (e.g. Facebook and Twitter) which allow users to keep a logged in session on their browsers.

The risk comes when somehow someone got hold of your certificate (with the private key). But even with that, your key should be still stored in encrypted format and require a password in order to be imported to a browser.

On top of that, REMME also supports 2FA, so your Google Authenticator/Authy will also need to be compromised in order for others to gain full access.