Fair point! @fschillingeriv
@Logician - just so it’s said, the HTTPS/MITM scenarios you describe would only allow access to the encrypted data, or a hash of your master password, never your actual password.
The web interface is an entire JavaScript app that handles authentication and decryption separately. Authentication hashes the password and sends it to the identity service, while the key derivation is done 100% locally.
More on the architecture if you’re interested: https://bitwarden.com/images/resources/security-white-paper-download.pdf
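The split described in the post above, sketched as an added example that is not part of the original post and is not Bitwarden's own code. It assumes the PBKDF2-SHA256 and HKDF-Expand scheme laid out in the linked white paper; the iteration count, the sample credentials and the `login_payload` field names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

KDF_ITERATIONS = 600_000  # assumption: the account's PBKDF2 iteration setting


def derive_master_key(password: str, email: str, iterations: int = KDF_ITERATIONS) -> bytes:
    """Local only: PBKDF2-SHA256 over the password, salted with the normalised email."""
    salt = email.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def derive_auth_hash(master_key: bytes, password: str) -> str:
    """Value sent to the identity service: one more PBKDF2 round over the master key."""
    digest = hashlib.pbkdf2_hmac("sha256", master_key, password.encode("utf-8"), 1, dklen=32)
    return base64.b64encode(digest).decode("ascii")


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def stretch_master_key(master_key: bytes) -> tuple[bytes, bytes]:
    """Local only: encryption and MAC keys that unwrap the vault key."""
    return hkdf_expand(master_key, b"enc", 32), hkdf_expand(master_key, b"mac", 32)


def login_payload(email: str, password: str, iterations: int = KDF_ITERATIONS) -> dict:
    """What crosses the wire at login (hypothetical field names)."""
    master_key = derive_master_key(password, email, iterations)
    return {"email": email, "masterPasswordHash": derive_auth_hash(master_key, password)}


if __name__ == "__main__":
    # Constructed sample credentials, not real ones.
    email, password = "user@example.com", "correct horse battery staple"
    enc_key, mac_key = stretch_master_key(derive_master_key(password, email))
    print("sent to server :", login_payload(email, password))
    print("stays in client:", enc_key.hex(), mac_key.hex())
```

The authentication hash is derived from the master key through a one-way function, so holding it does not yield the keys that decrypt the vault.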