Hacker News

Your assumption is that the master password is uncrackable - but do you have a reasonable source that suggests that most people's passwords fall into that category?

Compare a stateless system with a stateful one - one where the actual passwords are random and stored somewhere. In the stateful system, figuring out the password for one site provides no knowledge about the passwords for any other site. Yes, a stateful system does have a single point of failure - if you can guess the master password, you can get all of the other ones by logging into whatever site is storing the password database - but that is no different than in the stateless system. What is different is that cracking the master password is probably subject to a rate limit by the site that stores the password database, making a brute force attack infeasible. You could, of course, in theory, steal the entire password database and attack it offline to defeat the rate limit - but that requires breaching the system that stores the password database. While that is doable, at least you are limiting your trust to a single entity (whoever stores the password database) to prevent breaches. In the stateless system, however, you are hoping that your master password is uncrackable (it probably isn't) and that every single website you have a password for is also unbreachable (which they definitely are not).
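The comparison in this comment, as an added example that is not part of the thread: a toy stateless scheme (assumed here to derive each site password as HMAC-SHA256 of the master over the site name; real schemes use a slow KDF, which raises the cost per guess but does not change the offline nature of the attack) beside a rate-limited vault login. The guess list, master and site names are all constructed.

```python
import hashlib
import hmac

# Constructed inputs: a four-entry guess list standing in for a dictionary,
# a deliberately weak master hidden at its end, and three fake site names.
GUESS_LIST = ["password", "letmein", "hunter2", "correcthorse"]
SITES = ["forum.example", "bank.example", "mail.example"]


def derive_stateless(master, site):
    """Stateless scheme (assumed form): site password = HMAC-SHA256(master, site)."""
    return hmac.new(master.encode(), site.encode(), hashlib.sha256).hexdigest()[:20]


def offline_master_from_leak(site, leaked_pw, guesses):
    """One breached site's derived password lets every master guess be checked
    locally at CPU speed; no server is involved, so nothing can rate-limit it."""
    for guess in guesses:
        if hmac.compare_digest(derive_stateless(guess, site), leaked_pw):
            return guess
    return None


def stateless_blast_radius(master, sites):
    """Once the master is known, every other site's password follows from it.
    A vault of independent random passwords has no such derivation to replay."""
    return {s: derive_stateless(master, s) for s in sites}


class RateLimitedVault:
    """Stateful vault login (constructed): locks after MAX_ATTEMPTS bad guesses."""
    MAX_ATTEMPTS = 3

    def __init__(self, master):
        self._master, self.failures, self.locked = master, 0, False

    def unlock(self, attempt):
        if self.locked:
            return False
        if hmac.compare_digest(attempt, self._master):
            return True
        self.failures += 1
        self.locked = self.failures >= self.MAX_ATTEMPTS
        return False


def online_guess_master(vault, guesses):
    """The same guess list run against the vault's login stops at the lockout."""
    for guess in guesses:
        if vault.unlock(guess):
            return guess
    return None
```

Running both paths with the same guess list shows the asymmetry the comment describes: the leaked derived password gives up the weak master and with it every other site, while the vault locks after three failures and the guess list never reaches it.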
