It was everything leading up to the audit really and some issues with the audit itself as pointed out by a user in a long-running forum thread about the need for an audit [0]. I share most of the concerns in the 3rd paragraph in regards to the audit - it seemed focused on restoring or capturing the master password and made no mention of countless other attack vectors that may or may not be problems.
Compare their security audit with the one provided for Bitwarden [1].
Compare their security audit with the one provided for Bitwarden [1].
[0] https://discussion.enpass.io/index.php?/topic/404-security-a...
[1] https://cdn.bitwarden.net/misc/Bitwarden%20Security%20Assess...