by cpa 4793 days ago
If you wonder why you're being downvoted: it's probably because there is consensus that either a system has been checked by security professionals (be it mathematicians or implementors) OR should not be considered secure. Note that it is not an exclusive or! Your reasoning only proves that a specific type of attack is unlikely to succeed, but does not say anything for any other attack.
1 comments

I basically agree. However, if you trust KeePass's implementation of AES-CBC and you consider the fact that the IV will be randomly generated for every file version, you're betting on AES-CBC not leaking any information about the plain-text (which hopefully some expert already checked).

I don't know whether the AES implementation in KeePass has been checked by someone considered an expert yet.