[Closi]

Because you can architect them to be provably secure via E2E encryption. See how 1Password deals with this for reference.

[dingaling]

You can architect it so, but the implementation is what counts.

No program which knows your master password and which has network access can ever be considered secure.

[neolog]

There is no program that knows the master password. It's hashed.

[gruez]

Why do you use a web browser then? It doesn't know your master password, but you enter most/all of your passwords into it anyways. To make it worse, it runs third party code that also have access to your password (ie. addons with the "Access your data for all websites" permission, which is most of them).