I will reply to this after a security incident of those services as a told-you-so reminder. 😜
Same with closed source solutions, nobody is able to check 1Password's infrastructure (+ configuration) as well as the actual code used. Same for non-self-hosted Bitwarden services which are hard to secure.
Such a high risk for the most sensitive information there is that can be very easily avoided should not be part of any serious security recommendation.