It's a choice on the user to weaken the encryption. I don't use Bitwarden, but if they communicate that properly to the user, it's a valid compromise for convenience-versus-security.
This doesn't answer the question. Why is there a choice to encrypt something when it's completely unnecessary (according to their threat model)? No point in building unnecessary complexity into software, especially software meant for security.
