
Why not use something very simple like SuperGenPass? http://supergenpass.com/


There's a thread on StackOverflow about the safety of SuperGenPass:

http://stackoverflow.com/questions/554224/is-the-bookmarklet...

I thought the criticisms by "Mike" were pretty convincing, although I'm not an expert in software security or cryptography.

Starting with the source of a simpler JavaScript password generator:

http://www.angel.net/~nic/passwdlet.domain.html

I did a little noodling around and found it's perfectly practical to use even several thousand iterations of a newer hash algorithm (SHA2-256) to produce passwords, rather than a few dozen iterations of an obsolete one. That should address some of the cryptographic concerns. It's also perfectly possible for the script to accept the master password through a JavaScript popup rather than from a text box inserted into the current page. That should address concerns about a "malicious webmaster" type attack.

So some of the most important criticisms of SuperGenPass (which is undeniably very slick and pleasant to use) are at least addressable.


SuperGenPass is good if all you care about are website passwords. I also need to save passwords for FTP/SSH/Internal Business Apps. SuperGenPass won't be helpful and I would definitely prefer to use one solution for all my password needs.



