
SPoF again..



This is such an under-rated comment for this whole thread.

This was my gut response to password vaults when they were first implemented. I still find the idea of password vaults spooky.

Open source ones scare me because it seems easy to slip in a compromised library. The XZ debacle can't be the only time that's been tried.

All of them scare me because a bad browser extension or a more minor hack, like a trojan, could likely compromise all passwords.

Games on Steam sometimes have some ridiculously privileged anti-cheat software, run by who knows what company, some of which offer direct RCE, in a process that already looks into other processes' memory.

Virus scanners routinely analyze every single file on a computer and maybe memory too.

It just seems so... possible.


In the same league of paranoia, someone could do a supply chain attack on your favourite browser engine to siphon cookies, credentials, etc.


New fear unlocked: Cloudflare



