KeepassXC comes with its own share of risks (supply-chain attacks, zero-day vulnerability detections etc). No matter, which 3p software you are using, you are effectively gambling on the chance that none of those risks materialize. The only alternative is to personally audit the code - library by library, script by script and build it yourself. But even that carries risks: https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...