I would say this is definitely true for the common Joe, but of course it helps to not run much arbitrary software from the web and keep your browser up-to-date to avoid drive-by malware. If you've got a habit of pirating games, you may want to keep your princess in another castle.
My mom doesn't have any reason to download and run untrusted software ever, and she'd call me if she needs something, so for her it's definitely better to have secure passwords with the risk of having all eggs in one basket. The risk of her being tricked into running software that steals the vault is lower than the guessable and reused passwords that she used before.
If you are more like me and regularly download software to try it out, pull random GitHub repos to toy with them, etc., then it might be wise to keep the password database on an Android/iOS device, which has app isolation. You can download all the malware you want, but if you don't grant it root, it won't be able to access the database stored in /data/data/com.example.keepass/database/.
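The point about app isolation is that the vault file lives in storage only the password-manager app's own user can read. The script below is an added example (not from the comment author or from any KeePass project) of checking the desktop equivalent: whether a vault file's permission bits let other local accounts read it. The file names and contents are constructed for the demo; it assumes a POSIX shell with GNU or BSD `stat`.

```sh
#!/bin/sh
# Added example: report whether a password database file is readable by
# anyone other than its owner. Android's per-app private storage gives a
# vault this property by default; on a desktop it depends on the mode bits.

# vault_exposure FILE
#   prints "private" (only the owner has read permission, exit 0),
#   "exposed" (group or others can read it, exit 1),
#   or "missing" (file does not exist, exit 2).
vault_exposure() {
  file=$1
  [ -e "$file" ] || { echo "missing"; return 2; }
  # GNU stat first, BSD/macOS stat as fallback
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  # keep only the last three octal digits (drop setuid/setgid/sticky)
  mode=$(printf '%s' "$mode" | sed 's/.*\(...\)$/\1/')
  group=$(printf '%s' "$mode" | cut -c2)
  other=$(printf '%s' "$mode" | cut -c3)
  # the read bit is 4 within each octal digit
  if [ $((group & 4)) -ne 0 ] || [ $((other & 4)) -ne 0 ]; then
    echo "exposed"; return 1
  fi
  echo "private"; return 0
}

# Demo on two constructed files: one locked down to the owner, one with the
# typical default mode that lets every local account read the vault.
demo() {
  tmp=$(mktemp -d)
  printf 'constructed vault' > "$tmp/private.kdbx"; chmod 600 "$tmp/private.kdbx"
  printf 'constructed vault' > "$tmp/exposed.kdbx"; chmod 644 "$tmp/exposed.kdbx"
  printf 'private.kdbx: %s\n' "$(vault_exposure "$tmp/private.kdbx")"
  printf 'exposed.kdbx: %s\n' "$(vault_exposure "$tmp/exposed.kdbx")"
  rm -rf "$tmp"
}

demo
```

The check only covers the classic mode bits; ACLs, the encryption of the vault itself, and whether malware runs as the same user (in which case no permission bit helps, which is exactly the comment's reason for preferring a sandboxed phone) are outside it.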