And yet you are using a product at the whims of some remote/foreign party whom you have never met and is bound by a set of responsibilities and laws with which you are entirely unfamiliar.
I get where you are coming from, but you clinking "update" in stead of the dev does not guarantee the safety of the update.
This is a false dichotomy. Nobody is claiming that mindlessly clicking "update" guarantees safety.
I run a private fork of the bitwarden client, anyway. Their stock one partially trusts the iteration count of the PBKDF provided by the server, and can be tricked into sending a low-iteration hash of the master password.
I get where you are coming from, but you clinking "update" in stead of the dev does not guarantee the safety of the update.