Why can they "never be as secure"? Especially compared with iCloud, which I believe has a history of being vulnerable to all sorts of attacks...

iCloud and iCloud keychain are not really the same thing. iCloud keychain is designed not to disclose user passwords in the event of an iCloud account compromise, for example, among other things. The iOS Security Guide[1] has more details on this topic, starting on page 45.

That's not to say other solutions can never be as secure, but it's a fairly good design nevertheless.

[1]: https://www.apple.com/business/docs/iOS_Security_Guide.pdf

Why do you "believe" this?

Is this like a "belief" in the healing power of crystals, or of the bumps on your head being indicative of your personality, or do you have something substantial to share?

My healing crystals are mumbling something about 'social engineering' (https://www.hackread.com/apple-users-icloud-phishing-attack/), 'poor access controls' (http://mashable.com/2014/09/04/i-hacked-my-own-icloud-accoun...) and 'poor authentication controls' (https://www.google.co.uk/amp/www.cultofmac.com/280189/icloud...).

Seriously though, I'm more interested in the assertion that any password manager can never be as secure as iCloud, even ones which don't upload data to the 'cloud'.

That's what I currently use as well. I would have liked to see some mention of it -- whether or not they tested it, or if they couldn't find any vulnerabilities using the same tests they did for other applications.