by imglorp 2054 days ago
Netflix, yeah, but how many bank passwords are going in there?

Consider there are at least three copies of the data at rest: on each member's phone and more seriously, assuming also on OP's server. How long until the whole database gets breached and shows up on PasteBin?

Then, as another thread mentioned, it's trivial to brute force the whole heap of vaults trying 4-digit PINs and then look for treasure.

1 comment

Hi imglorp - we don't save your passwords on our servers when you save them. It is only stored on your own device, encrypted. If you choose not to share, it will never leave your phone. When sharing, we use end-to-end encryption. When sharing, we only store the encrypted version of the shared content until it is received by the recipient (or 30 days, whichever comes first). This is similar to the technique WhatsApp follows.