Researchers have discovered that even if you have a security pin enabled, the wallet is still vulnerable. The attack only requires the attacker to have a few seconds of network access to your PC... even if Jaxx isn't running. Currently Jaxx has said that they "are very comfortable with this security model for hotwallets", and indicated that this is merely a trade-off to offer portability.
Read more here