It isn't universal, but browsers surely provide a good case study here. Most of them auto-update today. In the past, exploitation via bugs where patches existed but people didn't update was measurably common. Supply chain attacks against autoupdating browsers haven't really materialized.
If the goal is to prevent the most volume of exploitation, autoupdaters clearly win.
Browser vendors have teams of experienced and professional security engineers several orders of magnitude larger than the entire Bitwarden organization. They're also bound by US law.
If the goal is to prevent the most volume of exploitation, autoupdaters clearly win.