by chousuke 2341 days ago
They don't really store your passwords, just an encrypted blob that's openable with your master password (more accurately, a key that is derived from it using an expensive operation so that brute-forcing is unfeasible).

You do need to trust them enough that they will never sniff your master password (AFAIK even the web vault is local only), but e.g. the command-line client is open source, so you can at least verify their protocol.

That said, I might switch to bitwarden at some point purely because it can be self-hosted.

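As an added example that is not from this thread or from any vendor's code: a stdlib-only Python sketch of the scheme chousuke describes. A deliberately slow KDF stretches the master password into keys that stay on the device plus a separate login key, so the server only ever stores an opaque blob and a wrong master password fails locally at the integrity check. The HMAC-in-counter-mode cipher, the key labels and the iteration count are assumptions chosen to keep it dependency-free; real clients use AES and their own parameters.

```python
import hashlib
import hmac
import os

# Demo parameters (constructed for this example; real products pick their own).
KDF_ITERATIONS = 600_000   # deliberately expensive: every password guess pays this cost
SALT_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32


def derive_keys(master_password: str, salt: bytes, iterations: int = KDF_ITERATIONS):
    """Stretch the master password into three independent keys.
    enc_key/mac_key never leave the device; auth_key is the only value the
    client would present to the server, so the server never sees the password."""
    master_key = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations, 32)
    enc_key = hmac.new(master_key, b"vault-encryption", hashlib.sha256).digest()
    mac_key = hmac.new(master_key, b"vault-integrity", hashlib.sha256).digest()
    auth_key = hmac.new(master_key, b"server-login", hashlib.sha256).digest()
    return enc_key, mac_key, auth_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode stands in for the AES mode a real client uses.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def seal_vault(plaintext: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Encrypt-then-MAC the vault; the returned blob is all a server needs to store."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_vault(blob: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong master password or tampering fails here."""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag: wrong master password or modified blob")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


if __name__ == "__main__":
    salt = os.urandom(SALT_LEN)
    enc, mac, auth = derive_keys("correct horse battery staple", salt)
    blob = seal_vault(b'{"example.com": "constructed-demo-secret"}', enc, mac)
    print(open_vault(blob, enc, mac), auth.hex())   # local round-trip; auth is all the server gets
```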

I just don't want to store my passwords in exactly the same way everyone else does. I'm not a high value target, so my threat model is a 3rd party getting screwed / screwing us. Just a little bit of customization should be enough to throw off whatever tools attackers will build to mass harvest.

It depends on what plan you are on. AFAIK, the enterprise plans have key escrow and an option to recover your account if you forgot your password.