Password managers typically offer to store images like document scans. Without per record encryption one needs to send the whole encrypted blob on each modification.
Not necessarily. You can have a write-ahead log which also consists of opaque blobs and which other devices can pull and reconcile on their own. At some point, a whole reconciled version is uploaded.
