@Dropbear, re points of failure and risks

Yes, something like KeePassX can put all your candy in one jar, so if that jar gets stolen and opened then your candy is free for the taking. But the KeePassX database is encrypted, and the bad actors have to get to it before they can steal it and try to break the encryption.

To my mind, it's all about degrees of risk and degrees of effort. For example:

If a nation-state wants your candy, for some reason, then they will get your candy. That's the highest level of attack, but, for most of us, the most unlikely.

If a script-kiddie wannabe is trying to get into your system, you're probably OK with basic security measures -- and you could probably store your passwords in a plain-text file, because the kid won't get onto your machine anyway. Low-risk attack, but the attempt is not at all unlikely.

I'm not telling you anything you don't already know, right? There is no absolute security. But for you and me, it's usually good enough to be just a little too hard to crack.

I agree, too many accounts and too many passwords. So I keep all my "candy" in KeePassX, encrypted with a long password but one with a pattern I can remember. The other passwords vary in difficulty -- the one for my email is crazy long and jumbled, the one for the hiking forum shorter and simpler.

But a password database like KeePassX can also store names, telephone numbers, addresses, account info, and so forth. So I use it like my mum used her address book -- anything I want to remember about stuff goes in there.

Yes, all the candy is in that jar. But I'm less worried about someone stealing and then decrypting that file than I would be if those notes were scattered around various text and spreadsheet files. And I know if I just write them down on papyrus I'll lose them.

That's my two scents.

