Security Focus has the first part of a two part article discussing password managers up. The second part, as is often the case with these sorts of series, has the real pay off in terms of their recommendations. But if you aren’t already familiar with the risks and issues, you should give part one a perusing. Upon further review, part one is actually pretty detailed, so beyond the basic risks, if you are curious about how these features are implemented, including the cryptographic choices made, you will definitely want to check this out.
I talked about password managers recently in the podcast, prompted by reporting of a form of scripting attack that preys on auto fill behavior of the two most popular browsers’ password manager implementations.