* Website names are stored in plaintext filenames and directory hierarchies. No confidentiality and no integrity guarantees for those.
* It uses GPG's public-key encryption instead of symmetric-key encryption. This integrates well with gpg-agent but it means that you need to carry a gpg private-key file around with you instead of just remembering a passphrase.
May I politely point out https://github.com/catch22/pw, which solves the first issue by using a single password database instead of a subdirectory (for the reason that you mention).