You need to compare the URLs at least for equality in order to resolve conflicts, which is most straightforwardly done server-side. You could maybe do some sort of content-defined encryption to them, but I’m not sure how useful that would be. So storing the URLs in the clear is unfortunate but not inherently dumb.
(As to how KeePass implementations deal with this problem when on top of a single synced file: they mostly don’t, data loss on conflict is not uncommon[1].)
“The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs …”
<button class="itemCheckbox" tabindex="17" aria-label="Select"></button>