Is it possible that you are assuming they are referring only to Vaultwarden itself? Half of the equation is a server component compatible with every app produced by a company, the other is every app that is produced by a company. If the company decides to stop being compatible (by changing their own communication), what are you left with besides the built-in web interface and a handful of “maybe-compatible, maybe-secure” apps?

Security updates aren’t just about the vault. What does having a fancy locking system mean if the moment you open the door everyone can just walk in?

Most people just want a product to do what it says from all their devices, and don’t care about any of this stuff. As such, they are more inclined to simply move to yet another least-friction mature ecosystem.

Vaultwarden as an alternative is a bit like suggesting a third-cousin who homebrews beer in a trash can knows a viable alternative as a nationwide replacement for Budweiser, because they both happen to use the same shape of bottles. I’m sure some family and friends might go along, but everyone else is just going to pick a new common brand that is similar to what they had, not start brewing their own beer. Some will…for a while.

The best thing about self-hosting your password vault is that you can be naive about how many times it has been compromised without detection.

(I’m not against self-hosting things — I’m against acting like it is a realistic alternative for average people who almost never have the skills to implement it securely.)

They will make the wrong decision.