If the password manager server is hacked and compromised, then syncing your passwords with the compromised server will lead to compromised passwords (duh)

What do you mean “duh”? The password managers claim that the exact opposite is true.

Most service providers therefore promote their products with the promise of “zero-knowledge encryption”. This means they assure users that their stored passwords are encrypted and even the providers themselves have “zero knowledge” of them and no access to what has been stored. “The promise is that even if someone is able to access the server, this does not pose a security risk to customers because the data is encrypted and therefore unreadable. We have now shown that this is not the case”, explains Matilda Backendal.

This would be true for a properly implemented end-to-end encryption scheme.

Yeah, that section is bad.

For one, it’s has classic vibe “if you want to keep the nazis out, you’re the one who’s exclusionary”.

But also, how is refusing to engage on a platform “shutting out a significant portion of [the] community”? That sounds backwards to me. Blocking people from engaging with Debian on its own platforms would be shutting them out. The implication in the article is that Debian is obligated to be unconditionally present on every social platform its users might be on.