1Password went through something like this a couple years ago. 1Password solved this with their OPvault format.
If you’re worried about something like that use a different password manager like 1Password and do WiFi only syncing between devices.
1Password still has the problem of the developers (Agilebits) being extremely careless about how they distribute their software without any method of authentication. So KeePassX, pass, or Password Safe are better options, as those password managers can be authenticated. As compared here: http://mostvulnerable.com/
saw this interesting comment there:
But it seems to me that bitwarden tracks user’s activities by using google-analytics. (the code seems not been used at current release of chrome extension, but implementation is already there.)