by lazide 1579 days ago
All of these managers that allow automatic updates or run off some cloud loaded executable (which is all of them essentially) can re-encrypt all your data to another arbitrary key on next unlock with some code changes. Those code changes could be pushed/loaded for specific customers only pretty easily.

It’s not ‘all my passwords stored in their database unencrypted’ easy to compromise, but it’s also not protection against a motivated agency with jurisdiction said service has to respect, and it’s also not solid protection against any state-level actor if they really care/want to spend resources targeting someone.

That said, it’s all about threat assessment and trade-offs. Especially for a business, what are the consequences if the NSA does x, or China does y?

For 99% of businesses? Nothing except some irritation if you find out. Same as with most things.

If someone is an activist going after those agencies/gov’ts? Probably quite severe consequences.

If I remember correctly, some of the fallout from the Chinese gov’t hacking Gmail was folks being ‘disappeared’, extended families being held hostage in China, etc.