This is a fair point, but it's worth noting that the password you memorize and enter is only a part of the encryption key. There's another component -- I think they call it the "master key" -- which is generated locally when you set up your database and must be transferred out-of-band to other devices. It doesn't go over a network, not even a local one. So losing control of your password via the web interface still does not constitute a complete breach.