The sad thing is that a password manager isn't a tough thing. However, it requires some thought to do it right.
For example, stashing a syncable database on a cloud provider. Most PW managers either use the same password one uses for the local storage.
However, the database on the cloud provider is where security needs to be tight, and, if possible, not brute-forceable. Ideally, the database would be protected by a randomly generated key, which is then encrypted by each device's private key. If the user wants to add a new device, the new device's key is slapped on a keyserver, one of the other devices shows the user that device's fingerprint and asks the user to compare and approve that the key is the same, then would allow the new device to have its decrypting key entry. If all devices are lost, a recovery mechanism can be as simple as having a password on the chain that unlocks the key, or a shared secret. All solved problems -- this functionality is all native to the OpenPGP format (where one encrypted file can be decoded by any key on the list, or a passphrase.)
For Android and iOS, both have secure modes to store sensitive data. These should be used in combination with the app's encryption, so there is both the device's hardware protection, and the app's protection.
For desktop usage, the app's encryption is likely enough, since desktops are less likely to be stolen.
Backups? Again, there is an easy, secure way to do this. Use a similar encryption mechanism to what Titanium Backup (a must-have for Android) uses. It has a public key, and encrypts backups with that. When a restore is needed, each backup file has a private key, which is encrypted with the user's passphrase. This results in being able to do backups without having to hold a key or password indefinitely in memory between sessions, but allows the user to restore/decrypt without worrying about having the proper key... just the right passphrase.
Of course, there is the password generator. Yes, /dev/random or Windows's equivalent is "good enough", but having a password generator which can take user input (keystrokes, using a high speed timer, as well as mouse movements) provides additional randomness, which would be useful if a bug happened, and /dev/random just outputted zeroes or some other glitch happened. The ideal would be a combination of Apple's and KeePass's, where one can use memorable words with a number or two, or generate custom passwords.
I just wish someone would do it "right". KeePass has everything nailed, except good syncing with a cloud provider, and if each instance of the password manager would use a PGP/gpg key, then store the database as an encrypted file, this would provide excellent resistance to brute-force attacks, should the cloud provider get compromised, as there would be no passwords to guess.
Sometimes I was asked to send a user a password over one channel, and data over another. I liked sending passwords in a standard format (like 2-3 Windows CD keys for more sensitive stuff, or phone numbers for less sensitive items) so the receiver knew they were not totally lost when typing in a long password. Thus, having templates comes in handy. Same with generating a large amount of starting passwords for an AD domain, where I wanted the passwords to fit the criteria, but be of a certain format so the user knows they are typing in the right thing, and there wouldn't be any "0/O", "1/l" mixups.
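
Added example, not part of the original comment and not KeePass's or Apple's code: a template-based generator in the CD-key style described above, drawing from a stream that mixes user input events with the OS RNG so that a zeroed OS RNG does not zero the output. The alphabet, the `X` template convention, the HMAC mixing construction and all names (`MixedRandom`, `fill_template`, `entropy_bits`) are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import secrets

# Constructed alphabet: drops 0/O and 1/I/L to avoid the typing mixups.
ALPHABET = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"
CD_KEY_TEMPLATE = "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX"  # X = one random character


class MixedRandom:
    """Byte stream that depends on both user events and the OS RNG."""

    def __init__(self, user_events, os_random=secrets.token_bytes):
        digest = hashlib.sha256()
        for event in user_events:  # e.g. b"key:<timer ticks>", b"mouse:x,y"
            digest.update(len(event).to_bytes(4, "big") + event)
        self._key = digest.digest()
        self._os_random = os_random
        self._counter = 0

    def read(self, n):
        out = b""
        while len(out) < n:
            self._counter += 1
            # OS bytes are the message, user events the key: if either
            # source is unpredictable, so is the HMAC output.
            msg = self._os_random(32) + self._counter.to_bytes(8, "big")
            out += hmac.new(self._key, msg, hashlib.sha256).digest()
        return out[:n]


def fill_template(template, rng, alphabet=ALPHABET):
    """Replace each X with a uniformly chosen character; keep separators."""
    limit = 256 - (256 % len(alphabet))  # rejection bound, avoids modulo bias
    chars = []
    for slot in template:
        if slot != "X":
            chars.append(slot)
            continue
        while True:
            b = rng.read(1)[0]
            if b < limit:
                chars.append(alphabet[b % len(alphabet)])
                break
    return "".join(chars)


def entropy_bits(template, alphabet=ALPHABET):
    """Upper bound on strength, assuming the byte stream is unpredictable."""
    return template.count("X") * math.log2(len(alphabet))
```

With a failed OS RNG the result is only as unpredictable as the collected user events, so the events should carry fine-grained timing rather than just the keys pressed.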