I'm reporting here my recent discovery that, since OS X 10.9 Mavericks (released 2013), Time Machine's backup of keychains is completely broken for anyone who does not use iCloud Keychain. This bug is so severe that it was hard for me to believe when I encountered it, but anyone can easily verify this for themself.
In particular, your account's Local Items keychain, which is used by Safari and some other Apple applications to store passwords, is encrypted in such a way that it can only be restored onto the exact same machine — knowing the user's password is insufficient. Thus, if your machine is lost, stolen, or damaged, a restore from Time Machine backup will not properly restore your keychain. Nor will the keychain properly migrate to another machine using Migration Assistant (luckily, this is how I discovered this behavior).
There is no warning of this behavior in any documentation, and no workaround whatsoever except to use a different browser or password manager, or to manually store all passwords yourself separately in the Login (rather than Local Items) keychain.
There's also no way to export the items in the the Local Items keychain except manually copying them to another keychain, during which you must enter your password one-by-one for each copied item (people have written some AppleScripts to automate this, e.g. https://gist.github.com/rmondello/b933231b1fcc83a7db0b).
If you use iCloud Keychain, then the Local Items keychain is just a machine-local cache of the iCloud data, which is fine, I guess. But this behavior is just dangerously broken if you do not use iCloud for this purpose.
(This was originally a comment at https://news.ycombinator.com/item?id=24624001, but it was suggested that it be its own top-level post.)
I think this actually works "as intended". Since keychain items serve as the root for your credentials to various services, it makes sense to protect them with two factors; in this case it's "something I know" (password) with "something I have" (device). A loss of either should render the encrypted data useless.
Local keychain is precisely that; local. It is not intended to be something that is by default transferable, as opposed to say, iCloud Keychain.
I emphasise by default because yes, a user should be allowed to easily export/backup the local keychain if they want. The fact that its a PITA and requires a workaround via AppleScripts is very frustrating. And, as I said, lack of clarity by Apple/Time Machine of this fact.