I guess the idea is that you trust open source software to encrypt the vault, so Dropbox couldn't do anything with it even if they wanted to. That's also true for the open source Bitwarden clients though.