I guess they can be, but unless someone physically had your device the data is pretty useless. The only one with the encryption key is the user. Bitwarden can't recover your data if you lose access by forgetting your password and losing your device. They just store a bunch of encrypted data...