Snoober I don't subscribe to this point of view because
- Some people think they have a strong password but actually it is not or it can be deducted with some social engineering
- Once your password DB is in the cloud, it can be downloaded and then the attacker can take all the time he wants to perform his attack and it's cheap and easy to rent CPU/GPU power nowadays or better he can wait for a vulnerability to break or bypass the security. Changing your master password or patching your application won't save you.
Even if it takes years, once someone evil gets access to your passwords the chance are high that some passwords haven't been changed and for the others, the attacker can see your password style, find some logic in them, see if you reuse some password or use very similar ones, etc.
This gives a great feeling of being safe while you may have been hacked and be vulnerable.
There is a very simple rule, consider internet as a public place. Don't put anything you don't want to share with the world on the net.
Just compare internet to the street. You leave your bicycle on the street, anyone can take it. You attach it with a locker, even a strong one, the chances your bicycle won't be there the next day is high.
Leave it in your garage (=offline), the chances it get stolen are much lower.
