Thanks for the response,
But what if user kept a weak master password?
Then hacker just have to wait for the cloudflare’s data breach and that’s all. He already have the encrypted data and code of bitwarden (to know how exactly he can use master password to decrypt the data), now he just need to focus on bruteforcing the weak master password.
It was just an example and even if 0.1% users are in such category, then it should be a matter of concern.