
If an attacker compromises your local machine, they don’t need any password: they just wait for you to enter all required credentials and read the passwords when the database is unlocked.

Also, you omitted an important sentence at the end of the FAQ that you quoted. The response changes every time you save the database. YubiKey uses HMAC-SHA1, which is a hash of a shared key and a counter. The counter, and hence the response, changes when the file changes. That helps a lot by constantly rotating the master key. It also adds 140 bits to an otherwise easy-to-remember password.



I do see the point of adding more entropy, but against what type of attacker is the rotating password an improvement?

It seems to kick the attacker out of getting future database updates after a point-in-time compromise, but do users using a password manager frequently change their passwords stored in it? At least I don't.
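The point-in-time scenario both comments discuss, as an added example that is not part of the thread or of any password manager's code: an attacker who captured the password and one HMAC-SHA1 response can still open the file copied at that moment, but not a later save. It assumes the per-save value is a random challenge stored with the file and uses a simplified SHA-256 key derivation; `save`, `opens`, `master_key` and `key_check` are hypothetical names.

```python
import hashlib, hmac, os

def hmac_sha1_response(secret: bytes, challenge: bytes) -> bytes:
    # What the token computes: a 20-byte HMAC-SHA1 over the challenge.
    return hmac.new(secret, challenge, hashlib.sha1).digest()

def master_key(password: str, response: bytes) -> bytes:
    # Simplified stand-in for the real key derivation (assumption).
    return hashlib.sha256(hashlib.sha256(password.encode()).digest() + response).digest()

def save(password: str, secret: bytes) -> dict:
    # Each save picks a fresh challenge, so the response and master key rotate.
    challenge = os.urandom(32)
    key = master_key(password, hmac_sha1_response(secret, challenge))
    # key_check stands in for "decryption succeeded" (constructed for the demo).
    return {"challenge": challenge, "key_check": hashlib.sha256(key).digest()}

def opens(db: dict, password: str, response: bytes) -> bool:
    candidate = hashlib.sha256(master_key(password, response)).digest()
    return hmac.compare_digest(candidate, db["key_check"])

def point_in_time_compromise() -> tuple:
    password, secret = "correct horse", os.urandom(20)  # constructed values
    old = save(password, secret)
    # Attacker copies the file and observes password + response once.
    stolen = hmac_sha1_response(secret, old["challenge"])
    new = save(password, secret)  # user saves again later
    fresh = hmac_sha1_response(secret, new["challenge"])  # needs the token
    return (opens(old, password, stolen),   # copied file: still readable
            opens(new, password, stolen),   # later save: stale response fails
            opens(new, password, fresh))    # token holder: still works

if __name__ == "__main__":
    print(point_in_time_compromise())
```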



