
Wish all sites let you log in with one of the big identity providers like Google or Facebook.



Absolutely not, it ties all of your information together trivially. People should just use password managers with a unique password for each website. Then you don't really care about one site's bad security meaning that your security on another site is ruined (with SSO that's also an issue, you just trust the SSO provider more explicitly). You only care about whether data was accessed or modified with a particular service.


Most people (e.g. not Hacker News readers) only care about how easy it is. Assuming that most people would prefer to simply use existing authentication services is accurate and not remotely absolute (even if it makes some of us cringe).


Most people (e.g. not Hacker News readers) only care about how easy it is. Assuming that most people would prefer to simply use existing authentication services is accurate (even if it makes some of us cringe).


If Gmail is your password recovery address, hacking your Gmail will give the hacker access anyway.


No, I prefer Google or Facebook.


And if your Google or Facebook account is hacked...?


Same as if your password manager account is hacked.


There are non-cloud-based password managers.


"Wish all sites reported your activity to advertisers like Facebook or Google."

Convenience is a big selling point, but the price is too high.


Single sign on is single compromise.


If your single sign on provider is also the email address for password recovery, single sign on doesn't compromise you further.



