[akx]

I am not a cryptographer, but looking at a KDB file in git (with xxd in-between), it would _seem_ you're safe (esp. considering pfg's sibling comment). This pattern of differences repeats for all of the 4 commits I tried: http://i.imgur.com/rxesWJl.png -- so basically there's only two constant 16-byte sequences, there rest of the file being entirely unique.

[cpa]

If you wonder why you're being downvoted: it's probably because there is consensus that either a system has been checked by security professionals (be it mathematicians or implementors) OR should not be considered secure. Note that it is not an exclusive or! Your reasoning only proves that a specific type of attack is unlikely to succeed, but does not say anything for any other attack.

[pfg]

I basically agree. However, if you trust KeePasses implementation of AES-CBC and you consider the fact that the IV will be randomly generated for every file version, you're betting on AES-CBC not leaking any information about the plain-text (which hopefully some expert already checked).

I don't know whether the AES implementation in KeePass has been checked by someone considered an expert yet.