by mtmail 2115 days ago
If that's the only concern, just email them. I'd say the limit is the web/backend framework default configuration. In mine I had to set 128 manually. In the configuration file there was a warning about the number of stretches to set. A long password with a high number of stretches can take 60s to encrypt (decrypt is faster) and used to make a website unresponsive. Rather look at what the minimum password length policy is, if they support 2FA, all indications they care to protect the password.

If really paranoid you can use open source, your own keys and a provider like https://www.borgbase.com/

1 comments

The password length was part of the issue, but the one I need help with is them saying: "Widely accepted by cryptographers as a more secure solution than AES/Rijndael"
The part I'm more concerned about is that they turn off encryption completely for free accounts, which implies the existence of some kind of remotely-controllable "encryption killswitch".