Citation needed on "biggest". 1Password appears to have comparable revenue to LastPass, but it is hard to pin down clear sources. Since you seem to have sources, it would be nice to see them. Number of users is even harder to pin down since you never know what a company counts as a "user". Someone who forgot to delete their account from years ago could easily be counted if the company is looking to inflate user counts.
Even if they were 100x the size of the next competitor, they would not get a free pass for the obvious technical failures of their implementation, which have nothing to do with the number of users. The entire vault should be encrypted, end to end. The number of PBKDF2 "rounds" should automatically have increased, even for old users. These are huge oversights that fundamentally undermine their credibility.
As far as coverups at other companies go, that would be some coverup to avoid any whistleblowers leaking things. Unless it was very recent, this is very unlikely. People take cybersecurity seriously, and counting on every employee to participate in a coverup of a serious breach is unlikely to go well.
I am also annoyed by the switch to a SaaS model, but I don't think this hurt security in any way, and for most people (i.e. those that used to sync their vault via cloud storage) probably improved it quite a bit.
If you store the secret key locally and only locally, the threat model should be the same as before.
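On the point raised above that the PBKDF2 round count should rise automatically even for old users: the sketch below is an added example, not code from any password manager or from the commenters, showing how a client can upgrade the count at unlock time, the one moment it holds the master password. The record layout, the function names, the `TARGET_ITERATIONS` value and the XOR key wrap (a stand-in for an AEAD key wrap) are assumptions made for illustration.

```python
import hashlib
import hmac
import os

TARGET_ITERATIONS = 600_000  # assumed current policy value, not taken from the thread


def _derive(password: str, salt: bytes, iterations: int) -> tuple[bytes, bytes]:
    """Stretch the master password once, then split into a wrap key and a verifier."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    wrap_key = hmac.new(dk, b"wrap", hashlib.sha256).digest()
    verifier = hmac.new(dk, b"verify", hashlib.sha256).digest()
    return wrap_key, verifier


def _xor(a: bytes, b: bytes) -> bytes:
    # Toy key wrap for a 32-byte key; a real design would use an AEAD here.
    return bytes(x ^ y for x, y in zip(a, b))


def create_record(password: str, vault_key: bytes, iterations: int) -> dict:
    """Wrap the random vault key under a password-derived key with a fresh salt."""
    salt = os.urandom(16)
    wrap_key, verifier = _derive(password, salt, iterations)
    return {
        "salt": salt,
        "iterations": iterations,  # stored with the record so old accounts still unlock
        "verifier": verifier,
        "wrapped_key": _xor(vault_key, wrap_key),
    }


def unlock(record: dict, password: str) -> tuple[bytes, dict]:
    """Return (vault_key, record). A record below policy is re-wrapped transparently."""
    wrap_key, verifier = _derive(password, record["salt"], record["iterations"])
    if not hmac.compare_digest(verifier, record["verifier"]):
        raise ValueError("wrong master password")
    vault_key = _xor(record["wrapped_key"], wrap_key)
    if record["iterations"] < TARGET_ITERATIONS:
        # Only the small key-wrapping record changes; vault data stays
        # encrypted under the same vault key and is not re-encrypted.
        record = create_record(password, vault_key, TARGET_ITERATIONS)
    return vault_key, record
```

The upgrade only helps once the old low-iteration record is overwritten everywhere it is stored, including server-side copies; a copy that was already exfiltrated remains crackable at the old cost.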