I'm not the most technical/security expert guy here, but as I see it for my uses:
iCloud keychain suggests/offers you stronger randomized passwords. At the same time, if you Agree to accept it on a given website, it enables the automatic key across ALL your devices (which may be a bad thing if you ever accidentally get your iPod/iPhone stolen).
Hmm…. for low-security websites, for example, ones that I don't buy anything, only minor forums like a game support forum, I have no problem using it. And besides, when I visit a small game support forum once a month, like am I supposed to remember the username and password I made up 2 months ago? No! So I let Keychain remember it and deal with it. In this manner, Keychain is super convenient.
But for websites that are really important to me, like the Apple Online Store or eBay where I purchase things, I will tell Keychain to NOT store any data for that website.
It's on a site to site basis. Just use common sense.
----------
I remember all my own passwords. Nobody can hack my mind.
Not even a Vulcan?