For password managers specifically, one thing you can do to be a little less reliant to the "password manager app was compromised" attack is to pepper the passwords in your password managers. So every time you paste/auto-fill a password from your manager, you delete a bunch of characters and add a bunch of characters. Of course this requires some memorization and to some extent introduces back the very problem that password managers attempt to solve. Then you tune your pepper algorithm as much as you like: even sharing the same pepper algorithm for everything is not that bad, since it would require an attacker not only to compromise your PM but also know one of your stored passwords. And you can give yourself tips on your pepper using the comments/notes section of the password manager.
Convenience/security tradeoff.

If you only care about convenience, you shouldn't be self-hosting - what if your server goes down? Much better to abstract this away and let someone else take care of it.

If you only care about security, you don't want anyone else's prying eyes anywhere near your recursively-encrypted secrets; self-host on a server that is airgapped from any publicly accessible networks.

Which of these do you care about more?