Ah the Internet classic: calling someone's comment irrelevant, when you clearly haven't even read, or at least not understood it. It isn't that long of a comment. Try reading it again.
Oh whatever, here's another attempt at explaining it: there's a huge difference if my passwords are in a place where people generally keep passwords, or if they are where only my passwords are. If someone has never heard of me, but they attack my cloud-password-solution and get in, they still get my passwords. Someone attacking me personally, if he's truly competent as a hacker, in probably screwed either way. At least he can only attack me, he can't attack "some public thing" and get my stuff "by accident". Think "personal safe in my home" compared to "public bank" (ignoring the fact that a bank is insured and all that for this analogy).
Your second point would be valid if open source didn't exist. First of all I didn't imply that it was inherently safe, I implied that there isn't a single point of trust, which was my would point. Even if you can't read/audit it yourself, there are projects that have public audits by reputable security companies. Plus if there truly were backdoors, assuming a non-tiny user base, someone would've probably noticed.
Then your final point seems to acknowledge the attack surface, but the problem with the "locally encrypted blob" is that this statement from the cloud provider is another thing you just have to believe them on. They might do that, they might not. Many don't even claim that, because people like convenience and want options for password recovery to their password service. those two are mutually exclusive.