I got a question: What happens if the server gets hacked? Is there any way the attackers could access passwords with the access they have (without them knowing the master password ofc)?
Do they have any possibilities with the admin panel? Creating backups or something?
Admin panel only has access to remove MFA options; all data is encrypted by the client prior to being transmitted.
Possibly there may be a way to get access to the Org information as I am unsure how those private keys are stored.
Most likely, though, if someone was able to compromise your hosting server, then they could simply run a basic phishing attack to get your master password needed to decrypt your data.
Worst thing would be that the domain and certs would be valid too, so there would be no outward way to easily tell it was a phish, I believe.
Same thought goes for getting malware on your personal PC or mobile device used to access your vault when it is unlocked; downloading malware is basically an all-bets-are-off kind of situation. Practice good op sec and you should be fine.
If you are truly worried, simply keep your server local only and only use a VPN to access it on your local network.