There is a risk no matter what you do. Certainly biometrics are potentially a problem, and the inability to change them later can be problematic for most people, but in many instances, they are a good second method of verification.
Are password managers completely safe? No. They are not. However, the incidents of cracking a password file pale in comparison to the password issues we've had with poor memory and writing down passwords. It's not even close. A number of those password manager issues are because a company provides a service, and stores the password in a reversible encrypted format. They are also a concentrated source of passwords, just like someone hacking any other company. You're at their mercy.
I use a password manager, and sync the files in the cloud for convenience, but I also change the file pwd periodically. I've reset important passwords a times as well. Long passwords to get into the file should provide enough protection for long rotation, and ultimately, someone has to both crack the file sharing site as well as want to run scripts that try to crack the password manager file. Low odds, and certainly better than anything I can memorize.
Is the "correct horse battery staple" better? I'd argue no. First, I can't memorize or keep a lot of those in my head. That means I've limited my security because I'm sharing passwords in places. Add some character? Well, if I do something like "correcthorsebatterystaplewellsfargo.com", that's great. If I also do "correcthorsebatterystapledropbox.com", then when they lose my password, script kiddies will try that password on lots of other sites. I'll either need to change my mnemonic, or I'll have the same "shared password" issue.
We can agree to disagree here, but I think a password manager with 2FA where possible is a better solution than anything else I've seen so far.