You could make the case that "stealing" talent is in terms of targeting hiring people where the training and research costs were footed by someone else.
Then again, as you pointed out, you could also make the case that they weren't properly compensated.
If I'm not mistaken it should be mostly fine as long as you trust the desktop/phone versions of Bitwarden not to send off the (unhashed) key to the server
Just checked, should be available on the self-hosted version as well. [0] And the author of bitwarden_rs seems to be planning to tackle it over the weekend!
Edit: [0] is also a much better source than BBC in this case.
[0] https://www.vice.com/en/article/wx5xpx/hackers-steal-data-el...