Aha! now I have a decryptor for Apple keychains, spitting out plaintext secrets. Of course you do need the password, they're not stupid or anything :) It's also a good lesson in python and pipes being the way, rather than hacky C. So much easier to just screenscrape the output of Apple tools and parse fixed-length datastructures in python, than read arbitrary-lengthed attribute lists in C. (I had a fugly previous attempt which shall remain hidden from eyes).
Wonder if it'd be useful as a migration tool to the Gnome keychain-thingmo... Though that would require going back and replacing the security dump-keychain -r screenscraping with other code, which might get ugly. The source is available at least.