I think that the "trust no password manager" concept goes too far, there are password managers out there that are encrypted and offline, and don't call home, examples are Keepass, pass, etc...<p>I think that part should be changed to "trust no cloud password manager" especially those who can't be accessed while being offline