Since the master password is "salted" with the user's Ethereum address, via MetaMask, to create the seed, the master password is the only private thing that needs to leak to compromise al the user's passwords. Instead, consider the password seed being the signature of the master password (or some single private seed), signed by the user's MetaMask account private key.
This way, even if the master password, or the private seed, leaks, the user is not yet compromised.
Since the master password is "salted" with the user's Ethereum address, via MetaMask, to create the seed, the master password is the only private thing that needs to leak to compromise al the user's passwords. Instead, consider the password seed being the signature of the master password (or some single private seed), signed by the user's MetaMask account private key.
This way, even if the master password, or the private seed, leaks, the user is not yet compromised.