I am also annoyed by the switch to a SaaS-model, but I don‘t think this hurt security in any way, and for most people (i.e. those that used to sync their vault via cloud storage) probably improved it quite a bit.

If you store the secret key locally and only locally, the threat model should be the same as before.