> many users have databases that fall in the range of 10-100MiB

> use one of the many other ways to operate the database as a single file and be on your way

Don't you still have to download and upload that 100MB pretty often? I feel like password databases get modified every few days, not every few months.

Moreover, if an app really wants to optimize the file-not-modified case for people who don't modify it often, can't it just internally cache an encrypted version of the database in another format -- in SQLite, even! -- and use that when the checksum/file time/whatever matches what they expect?

I feel like a client that actually cares about the user should tell them how much more expensive the file gets with each entry being added: "Hey, based on your recent download/upload speeds on this device, embedding this 1MiB file would add a 5-second delay." Switching the entire world from XML to SQLite seems like it completely misses the fundamental issue.