> Did you actually look at it and audit it? >99% of people aren't going to do that. They're just assuming somebody has.

That's a fair point. I certainly haven't.

But the great virtue of pass is that it runs locally, which means that it's much more difficult to attack than a SaS password manager.