I had the same problem. I'm new to PWM too but love it. However, I don't trust the RDF file needed to export settings.
While I doubt PWM's hashes can be reversed to decipher the main password, the RDF file contains a lot of unencrypted information regarding your accounts, if you fill it up to make it easy for you. Try it yourself: copy it to WordPad or such to keep the formatting.
A problem I see is that if PWM does indeed become popular, it increases the incentive for a hacker to hack PWM, not so much to try to decode the hash, but to hack weaknesses within PWM itself, such as the code libraries it uses, or even phish the user of the file.
Methinks the more you keep secret, the less likely important pw can be found.
That said, what I've done is I created a scheme of passwords that work on all my sites, then I go to the public website and either run JavaScript from there, or run a copy of it from your own website.
http://passwordmaker.org/passwordmaker.html
Just this n00b's 2c.