They use SQLCipher which is OSS. I understand they don't release the UI code as it is what they use to make money. If you are afraid that they secretly copy your passwords you can easily check this. As you keep the file on your device or place it at a third party service it is more secure than a service like LastPass. Also don't use browser plugins but copy and paste the password