said by Selenia:The key has to be correct and the passphrase to unlock the key when the client opens it. When you close it, this will be required again.
The vulnerability is while it is open.
said by Selenia:Plus, the DB is kept locally, which is safer IMO than anything stored on the cloud.
This is password manager specific. Some are only stored locally, and some are stored in the cloud, or both locally and in the cloud.