I would say this is definitely true for the common Joe, but of course it helps to not run much arbitrary software from the web and keep your browser up-to-date to avoid drive-by malware. If you've got a habit of pirating games, you may want to keep your princess in another castle.

My mom doesn't have any reason to download and run untrusted software ever, and she'd call me if she needs something, so for her it's definitely better to have secure passwords with the risk of having all eggs in one basket. The risk of her being tricked into running software that steals the vault is lower than the guessable and reused passwords that she used before.

If you are more like me and regularly download software to try it out, pull random github repos to toy with them, etc., then it might be wise to keep the password database on an Android/iOS device which have app isolation. You can download all the malware you want, but if you don't grant it root, it won't be able to access the database stored in /data/data/com.example.keepass/database/.

The idea is...centralize your PWs but "harden" them behind a single longer and less brute-forceable master pw. And since the PW manager is doing the fill in, those can be longer and more random as well.

Perfect? No. 100x better than what most people do? Yes!!!

Moi? For the important stuff? I add in a YubiKey. Perfect? Again, no. But closer than no YK at all.

As a side note: I do contract web dev work for various agencies. Generally, talk about a lazy approach to clients' PWs. They think 1PW makes things secure. Meanwhile I generally have access to all vaults, even projects I'm not working on. Good sec is bases on less trust, not too much blind trust.