
But you do not have the keys and passwords on that server. Only their encrypted forms. And the master password never leaves your machine(s); the sensitive bits are only decrypted locally.

This is reasonably safe, as long as you're careful with your master password, no different from GPG.



I'd still rather not let anyone have the encrypted versions of my keys/passwords. If the software is compromised then it's reasonable to consider the encrypted data can be brute forced with some time.

I'm not here to argue the merits of encryption. I understand it very well. I'm only considering my own levels of comfort and need to trust a 3rd party as well as pay a recurring fee to store my keys/passwords.


Encryption that can't be brute-forced within centuries, even with a quantum computer, has existed for some time, and is not really expensive to apply, especially on such small scales as a password database.



