Currently some operations, e.g., imports, require us to log into the web vault at vault.bitwarden.com. So an intruder attacking the server could steal our password or our private data in decrypted form.
For greater security, after we have logged into our local instance of Bitwarden, it should be possible to do all operations without ever allowing the server to have access to our password or our private data in decrypted form.
For even greater security, an option could be added that, if set, would completely prohibit all web vault logins, and only allow logins into a local instance of Bitwarden. Logins into the server would then be used only for less security-critical activities such as billing.