by munchbunny
2469 days ago
I agree with your assessment of why traditional password managers have flaws, but I disagree with your conclusion. Security has always been a balance between usability and safety, and when you set security policy, you always do it in the context of who is using it and their needs. Integrating the password manager into the browser makes a lot of things easier as an end user. If I told my parents/grandparents and non-programmer friends to use something like DBG or Password Safe, they would just go back to guessable and reused passwords. Given the choice, I would rather have them use a browser-based password manager. If we're really talking about how to move the needle on protecting logins, I would rather push FIDO/U2F. Keeping a cryptographic second factor on your keychain, phone, or computer carries more added safety at a lower usability cost.