Well yes, but no. If you only operate your password store on devices you trust, then even typing in your password on a device with a keylogger active, won’t compromise your account since you have the 2nd factor (e.g. the TOTPs)

If u have 2fa in the same database u can login on devices you don’t trust. E.g. a coworkers computer/public computer in library.

Testcoverage by ai generated Tests is close to worthless. “Tests are only as good as the person writing them”

Did you generate your tests?

They recently recieved a “Blauer Engel” certificate for nextcloud-server. Iirc that seal requires the user to be able to choose what he wants. So new features are OK but they have to be optional. That certificate is handed out by a german government Institution. And very recently they started handing it out to software too, with nextcloud beeing the first BIG reciever.