I found a thread on Reddit in which an user shows how easy it is to extract the 12-word backup phrase (seed) from a Jaxx wallet, both in the desktop version and in the Chrome extension.
"Even when your Jaxx has a security PIN configured, anyone with 20 seconds of (network) access to your PC can extract your 12 word backup phrase and copy it down. Jaxx does not have to be running for this to happen."
If a person gets your backup phrase they can restore your Jaxx wallet having access to all your private keys and therefore your coins.
All this is because the seeds are stored with an unsecured encryption
"The main problem is that the Jaxx software encrypts the mnemonic using a hard-coded encryption key, instead of making use of a strong user-supplied password."
As I mentioned before it does not matter if you have a PIN activated or if you have a strong password, since that is not taken into account in the encryption process.
Although the team of Jaxx is aware of this flaw they don'tt plan to solve it
In the same thread, the JAXX CTO says that they don't intend to modify their security model because he states that it provides a balance between security and ease of use. And he point out that it should be used as a "hot wallet" and not to store large amounts.