If the attacker is Microsoft or a powerful government agency, there isn't much of a difference. Your recovery key is sent to Microsoft in any case.
> The fact that new Windows devices require users to back up their recovery key on Microsoft’s servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts (you can skip to the bottom of this article to learn how) — something that people never had the option to do with the Clipper chip system. But they can only delete it after they’ve already uploaded it to the cloud.

That's not an important difference. Microsoft has the recovery key. You don't know whether they actually delete it and unless the deletion of the key is proven, it cannot be assumed deleted. Therefore, Microsoft must be assumed to hold all BitLocker recovery keys.
The article actually states this:
> As soon as your recovery key leaves your computer, you have no way of knowing its fate. A hacker could have already hacked your Microsoft account and can make a copy of your recovery key before you have time to delete it. Or Microsoft itself could get hacked, or could have hired a rogue employee with access to user data. Or a law enforcement or spy agency could send Microsoft a request for all data in your account, which would legally compel it to hand over your recovery key, which it could do even if the first thing you do after setting up your computer is delete it.
While it is assumed that the TPM is backdoored, unlike the key leakage, this isn't actually proven, as far as I know. If that's true, the TPM is completely useless.
But because you only seem to be interested in BitLocker's usage of the TPM, not the usage of it by other programs (which might not leak your key), there isn't much of a point discussing it as BitLocker sends your recovery key to Microsoft anyway.
Regardless of whether a TPM is used, it helps against people who just want to have a quick peek at your personal files. It doesn't help against attacks from Microsoft, government agencies, or any serious hackers who are a threat to either Microsoft or government agencies and can therefore get hold of your recovery key. The set of attackers who are a threat to you doesn't change much regardless of whether or not a TPM is used.
To answer your question in the title: It's stored on a flash drive.
> Yes, you can enable BitLocker on a computer without a TPM version 1.2, provided that the BIOS has the ability to read from a USB flash drive in the boot environment. This is because BitLocker will not unlock the protected volume until BitLocker's own volume master key is first released by either the computer's TPM or by a USB flash drive containing the BitLocker startup key for that computer. However, computers without TPMs will not be able to use the system integrity verification that BitLocker can also provide.
>
> To help determine whether a computer can read from a USB device during the boot process, use the BitLocker System Check as part of the BitLocker setup process. This system check performs tests to confirm that the computer can properly read from the USB devices at the appropriate time and that the computer meets other BitLocker requirements.
>
> To enable BitLocker on a computer without a TPM, use Group Policy to enable the advanced BitLocker user interface. With the advanced options enabled, the non-TPM settings appear in the BitLocker setup wizard. For instructions about using Group Policy to enable the advanced user options, see http://go.microsoft.com/fwlink/?LinkId=83223.
(https://technet.microsoft.com/en-us/library/cc766200(v=ws.10).aspx)
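
An added example (not part of the answer above or of the quoted Microsoft documentation): a PowerShell audit, run from an elevated session, that reports whether a volume's key is released by the TPM or by a USB startup key, whether the non-TPM Group Policy option is set, and which recovery-password protectors exist. It assumes the built-in `BitLocker` and `TrustedPlatformModule` modules are available and that the OS volume is the one of interest; the `$mount` variable and the output property names are choices made for this example.

```powershell
# Added example: audit how a BitLocker volume is unlocked. Read-only; changes nothing.
# Assumption: the OS volume is the one being checked.
$mount = $env:SystemDrive

# The Group Policy setting "Require additional authentication at startup" with
# "Allow BitLocker without a compatible TPM" is stored as EnableBDEWithNoTPM here.
$fveKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$policy = Get-ItemProperty -Path $fveKey -ErrorAction SilentlyContinue
$noTpmPolicy = [bool]($policy -and $policy.EnableBDEWithNoTPM -eq 1)

# Is a TPM present and ready for use?
$tpm = Get-Tpm -ErrorAction SilentlyContinue
$tpmReady = [bool]($tpm -and $tpm.TpmPresent -and $tpm.TpmReady)

# Enumerate the key protectors on the volume.
$vol   = Get-BitLockerVolume -MountPoint $mount
$types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

# Protector types beginning with "Tpm" (Tpm, TpmPin, TpmStartupKey, ...) involve the TPM.
$usesTpm = [bool]($types -match '^Tpm')

# ExternalKey is a key file on removable media. Without a TPM protector this is the
# USB startup key described in the quoted documentation (the same type is also used
# for recovery key files, so confirm with the protector details if in doubt).
$externalKeyNoTpm = ($types -contains 'ExternalKey') -and -not $usesTpm

# RecoveryPassword protectors are the recovery keys that may have been backed up
# off the machine. Only their IDs are listed, never the password itself.
$recoveryIds = @($vol.KeyProtector |
    Where-Object { $_.KeyProtectorType.ToString() -eq 'RecoveryPassword' } |
    ForEach-Object { $_.KeyProtectorId })

[pscustomobject]@{
    MountPoint           = $vol.MountPoint
    ProtectionStatus     = $vol.ProtectionStatus
    TpmReady             = $tpmReady
    NoTpmPolicyEnabled   = $noTpmPolicy
    Protectors           = $types -join ', '
    UsesTpm              = $usesTpm
    ExternalKeyWithoutTpm = $externalKeyNoTpm
    RecoveryPasswordIds  = $recoveryIds -join ', '
} | Format-List
```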