It's not different on Linux, every App can access any key in kwallet. To make this not possible the os would need to generate some kind of unique app id that can access only what it stored. This would probably result in a lot of lost passwords for normal users.