
> renders it more dangerous than not having it

If I were your friend, I would tell you that this is still dubious owing to the fact that without it, many people might use very weak passwords that never change. You gotta weigh that and the vulnerability it presents for large-scale remote attacks/leaks, against the likelihood of these guys getting local access to your machine (I think?) for this exploit.



Please allow me to elaborate a bit.

Storing multiple passwords within a single master password means your security is only ever as strong as your master password is safe. Literally "putting all your eggs into one basket". Same with centralized email. One should separate accounts by email such that if a single email is compromised - not every account is compromised.

My argument (and practice) is to have individual emails for individual accounts. Using a dice selection method [0] they'll be as secure as any individual master password. The issue is burden of memory.

The argument in favor of password managers is that they relieve the user of burden of memory by exchanging a small chunk of security for a large chunk of convenience. Which is why I use a password manager.

The actual bet however is that somewhere in the implementation of password managers there will be found something that is so insecure it allows someone to "seize the basket" and more or less make the trade-off go from a "small chunk of security" to "all security". Specifically, any PM that doesn't require the device being compromised; though physical access is fine. (Physical access allows memory attacks but the device itself is not yet compromised.)

I hope that helped give my position some more nuance.

[0] http://world.std.com/~reinhold/diceware.html
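The dice selection method the comment above refers to is Diceware: each word in a list of 6^5 = 7776 words is keyed by five dice rolls, so every word chosen uniformly adds log2(7776), about 12.9 bits, of entropy. The following Python is an added illustration, not code from the commenter or from the Diceware page. It assumes a constructed 36-word stand-in list keyed by two dice (so it runs inline), and it uses the `secrets` module in place of physical dice; the helper names (`build_wordlist`, `roll_key`, `generate_passphrase`, `passphrase_entropy_bits`, `words_needed`) are this example's own.

```python
import math
import secrets

# Constructed stand-in for a Diceware list. A real list has 6**5 = 7776 words
# keyed by five dice rolls ("11111" .. "66666"); this 36-word list uses two
# dice per word so it fits inline. It is an assumption for this example only.
DICE_PER_WORD = 2
_SAMPLE_WORDS = [
    "apple", "brick", "cloud", "delta", "ember", "flint",
    "grape", "hinge", "ivory", "jelly", "kayak", "lemon",
    "mango", "noble", "olive", "piano", "quilt", "river",
    "sugar", "tiger", "umbra", "vivid", "waltz", "xenon",
    "yeast", "zebra", "amber", "bison", "cedar", "dune",
    "eagle", "fable", "giant", "haven", "igloo", "joker",
]


def build_wordlist(words, dice_per_word):
    """Key each word by its dice-roll string in odometer order (11, 12, ..., 66)."""
    if len(words) != 6 ** dice_per_word:
        raise ValueError("word count must equal 6 ** dice_per_word")
    table = {}
    for index, word in enumerate(words):
        digits = []
        n = index
        for _ in range(dice_per_word):
            digits.append(str(n % 6 + 1))  # map 0..5 onto die faces 1..6
            n //= 6
        table["".join(reversed(digits))] = word
    return table


WORDLIST = build_wordlist(_SAMPLE_WORDS, DICE_PER_WORD)


def roll_key(dice_per_word, roll=lambda: secrets.randbelow(6) + 1):
    """Roll the dice for one word. `roll` is injectable so physical dice
    (what Diceware actually recommends) or a fixed sequence can be used."""
    return "".join(str(roll()) for _ in range(dice_per_word))


def lookup_word(wordlist, key):
    """Map a dice-roll string such as "21" to its word."""
    return wordlist[key]


def generate_passphrase(wordlist, n_words, dice_per_word=DICE_PER_WORD, roll=None):
    """Pick n_words words, each by an independent, uniform dice roll."""
    extra = {} if roll is None else {"roll": roll}
    return [lookup_word(wordlist, roll_key(dice_per_word, **extra)) for _ in range(n_words)]


def passphrase_entropy_bits(list_size, n_words):
    """Entropy of an n-word passphrase drawn uniformly from list_size words."""
    return n_words * math.log2(list_size)


def random_password_entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random character password, for comparison."""
    return length * math.log2(alphabet_size)


def words_needed(list_size, target_bits):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    phrase = generate_passphrase(WORDLIST, 4)
    print("sample passphrase from the toy list:", " ".join(phrase))
    print("toy list, 4 words: %.1f bits" % passphrase_entropy_bits(len(WORDLIST), 4))
    print("real list, 6 words: %.1f bits" % passphrase_entropy_bits(7776, 6))
    print("12 random printable ASCII chars: %.1f bits" % random_password_entropy_bits(95, 12))
    print("real-list words for 128 bits:", words_needed(7776, 128))
```

The comparison functions make the comment's claim concrete: six words from the real 7776-word list give about 77.5 bits, roughly the same as twelve uniformly random printable ASCII characters, and ten words reach 128 bits. Note that entropy is only meaningful when the rolls are uniform and independent, which is why the example never lets the user pick words by hand.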



