For what little it's worth from a random internet person, I agree with you 100%. I do it the same way as you, with the database stored on Dropbox, and an offline key file. I just can't make myself trust an online service for this stuff, as irrational as that may be.
Even if KeePass turned out to have some expoloitable vulnerabilities, it's still running solely on my machine, and I don't allow it to connect to the internet at all. I suppose yes, if someone breaks into my computer I could be in trouble, but if they can do that, they can just steal my session cookies anyway, password manager or not.
Even if KeePass turned out to have some expoloitable vulnerabilities, it's still running solely on my machine, and I don't allow it to connect to the internet at all. I suppose yes, if someone breaks into my computer I could be in trouble, but if they can do that, they can just steal my session cookies anyway, password manager or not.