
I like KeePass and use it daily.


I use KeePass as well, and have had no problems using SpiderOak to securely sync my password database across devices.

(Though I've heard noises recently about KeePass's .kdbx file format having some known vulnerabilities. Anyone else heard this, or have more details?)


From what I've heard, people are generally just concerned that the database is not authenticated whatsoever, and so a malicious actor can modify your database (particularly if it's hosted on Dropbox/etc...).

This doesn't seem like a particularly scary vulnerability, but one scenario that was brought up (though I'm not 100% convinced), is that a malicious actor can corrupt the password for one website, leading you to change the password.

I dunno, don't see it as a huge vulnerability, but I do agree there is little reason for such a database not to be authenticated.
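The scenario raised in the comment above, as an added example that is not part of the thread and is not KeePass code: a blob that is only encrypted decrypts without error after being altered in storage, yielding a corrupted entry, while an encrypt-then-MAC wrapper rejects the altered file. The cipher is a stand-in and not the .kdbx format; all function names, keys and the sample record are constructed for illustration.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher (SHA-256 in counter mode) so the example runs on
    # the standard library alone. Assumption: this is NOT the .kdbx cipher.
    out = b""
    for counter in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(enc_key: bytes, plaintext: bytes) -> bytes:
    # Encryption only: confidentiality, no integrity.
    nonce = os.urandom(16)
    return nonce + xor(plaintext, keystream(enc_key, nonce, len(plaintext)))

def decrypt(enc_key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:16], blob[16:]
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: HMAC-SHA256 over nonce and ciphertext, appended.
    blob = encrypt(enc_key, plaintext)
    return blob + hmac.new(mac_key, blob, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, sealed: bytes) -> bytes:
    # Verify the tag before decrypting; reject anything altered in storage.
    blob, tag = sealed[:-32], sealed[-32:]
    expected = hmac.new(mac_key, blob, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("database failed integrity check")
    return decrypt(enc_key, blob)

def alter_in_storage(data: bytes, index: int) -> bytes:
    # Models a change made to the synced file by a party without the keys.
    return data[:index] + bytes([data[index] ^ 0xFF]) + data[index + 1:]

if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    record = b"example.com / constructed-password"  # constructed sample entry
    print(decrypt(enc_key, alter_in_storage(encrypt(enc_key, record), 30)))
    try:
        open_sealed(enc_key, mac_key, alter_in_storage(seal(enc_key, mac_key, record), 30))
    except ValueError as err:
        print("rejected:", err)
```

In a real design the encryption and MAC keys would both be derived from the master key, or an AEAD mode would replace the hand-built construction.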



