Hacker News

As long as by one-way-hash you actually mean "key derivation function" and not actually hash, otherwise one leaked password means I get your master password, and hence all of your passwords, as long as your master password has an impossibly huge amount of entropy. (It probably doesn't.)

Seriously, use cryptographically random passwords.

SuperGenPass uses MD5 or SHA512 (so they do use hashes). Personally, I use bcrypt with a cryptographically random and long master password, which is something at least.

I appreciate the input and advice anyway. Security being a system of compromises, my current stance is that the security offered by a system like this, despite its flaws, is greater than a password database system (with truly random passwords), because then I need to both keep the database physically secure and trust that e.g. 1Password have designed it properly (or that my cloud provider is capable of keeping it secure). Since 1Password has apparently had potential issues in the past, I don't have too much faith, but perhaps I'm being overly cynical.

Comments like yours and Groxx's help me re-evaluate what I'm doing though, so maybe I will switch to proper random passwords in future. So thanks again for the input!


I didn't say anything about any particular system. Using MD5 or SHA-512 doesn't have to be bad per se -- using them once is bad.

Also, you mention having to keep it physically secure. I don't think that's true; you can use anything you want to encrypt it, from passwords to smart cards to whatever.

You mention you have a long and cryptographically random password. I'm guessing (hoping?) that it consists of a bunch of words that are easier to remember, since humans are pretty bad at remembering things with sufficient entropy to count, particularly if they come in the form of unintelligible junk :)
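Added example (not code from the thread, SuperGenPass or any password manager): the bare-hash versus KDF point raised above, in Python. The SuperGenPass format is only approximated, and MASTER, SITE and the iteration count are constructed values.

```python
import base64
import hashlib
import math
import secrets
import string

# Constructed sample inputs for this example (not values from the thread).
MASTER = "correct horse battery staple"
SITE = "example.com"
ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def derive_plain_hash(master: str, site: str, length: int = 12) -> str:
    """SuperGenPass-style derivation, approximated: one SHA-512 over
    master:site, base64-encoded and truncated. Each candidate master costs
    exactly one hash, so whoever holds a leaked site password can test
    candidates for the master at raw hash speed."""
    digest = hashlib.sha512(f"{master}:{site}".encode()).digest()
    return base64.b64encode(digest).decode()[:length]


def derive_kdf(master: str, site: str, length: int = 12,
               iterations: int = 600_000) -> str:
    """Same deterministic scheme routed through a KDF (PBKDF2-HMAC-SHA512
    with the site name as salt). Every guess now costs `iterations` hash
    computations instead of one."""
    key = hashlib.pbkdf2_hmac("sha512", master.encode(), site.encode(),
                              iterations, dklen=32)
    return base64.b64encode(key).decode()[:length]


def random_password(length: int = 16, alphabet: str = ALPHABET) -> str:
    """A cryptographically random per-site password, the alternative the
    thread recommends: there is no master secret to recover from it."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password of `length` symbols."""
    return length * math.log2(alphabet_size)


def expected_guess_work(master_entropy_bits: float, iterations: int) -> float:
    """Expected hash computations to recover a master password of the given
    entropy from one leaked derived password: half the keyspace, times the
    per-guess cost fixed by the derivation (1 for a bare hash)."""
    return 2 ** (master_entropy_bits - 1) * iterations
```

Compare expected_guess_work(bits, 1) with expected_guess_work(bits, 600_000) for a realistic master-password entropy to see how much of the gap the KDF closes, and how little it helps when the master is weak.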

