E2EE done properly is why. See 1Password security whitepaper for how.