[Ambolia]

If you want to backup or to use the same password file on different computers it's not uncommon to have it uploaded somewhere.

On the other hand a lot of people store dotfiles on the cloud, at which point if somebody gets access it's probably easier to stole the information by modifying something like the .bashrc file.

[vgalin]

Then it would be an attack vector of course, but whether it is a vulnerability of the password manager itself would be debatable.

[Ambolia]

Seems like I was wrong, according to this comment[1] you also need local access to get the passwords after modifying the KDBX file.

[1] https://news.ycombinator.com/item?id=34545504

[marcosdumay]

The passwords store is not the same as the configuration file. It's common to upload the password store, not the configuration.