It seems the export function for the Figaro Password Manager format has an issue. A quick test seems to reveal that it uses in fact the XML (unencrypted) format, while still asking for a password and not warning the user that the export is insecure.
I take a look on this commit but in fact I think it does not fix this issue : https://bitbucket.org/erikg/revelation/changeset/236497122791 .
Debian bug url : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=680059
Regards, Thomas Pierson