Think of all of the password leaks you've heard of. How many were due to syncing password vs password reuse, poor site security (e.g. storing in plaintext, weak encryption, etc.)
I'm not saying syncing is 100% secure (nothing is), but for most people it's not the main attack surface to be concerned about.
I'm not saying syncing is 100% secure (nothing is), but for most people it's not the main attack surface to be concerned about.