For most people, non-technical people in particular, their biggest exploit risk is they re-use the same username and password everywhere, one website gets popped and their creds get in the open, and then people use those creds to get into everything else.
Anything that gets them to use unique, strong passwords for everything vastly improves their general security, even if they are using a third party, commercial organization.
Yep. I fell in the trap of using repeat passwords because I was lazy. One of them leaked and someone overseas started using my personal Plex server. I setup LassPass the next day and changed everything to unique strong passwords. LastPass is cross platform and the convenience is worth what the risk for personal use.
Anything that gets them to use unique, strong passwords for everything vastly improves their general security, even if they are using a third party, commercial organization.