[bagosm]

Well your whole point can be addressed easily. Here is how:

There is no immediate access to all passwords at once. Even when editing/deleting stored accounts, you can only do so by either providing the current one, or by load control.

Normal use, wouldn't need more than a few passwords at any given moment and if there is a request for more, this can be an alert/lock that requires an SMS or any other 2nd means of authentication.

The only real concern is that attack vectors to a single account (eg a gmail account) are broader that way - you can also go through the master password thingy. So, to begin with, if there is an account that is super sensitive you don't delegate it to a master account for authorization, and everything is dandy.