
The problem is that most humans aren't capable of remembering high-entropy passwords, and are even worse entropy sources.

Most password managers and passkey implementations solve that problem by either requiring additional entropy (such as 1Password's "secret key") and/or rate limiting retrieval attempts using some zero-knowledge-based PAKE server-side (i.e. you can only retrieve the encrypted database if you can prove knowledge of the password, and attempts are rate limited).

My project does neither, so unless your passphrase is very high entropy, this approach is not secure. (And if it is high entropy – where are you storing that in turn?)
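To make the point above concrete, here is an added example (not code from the project or the commenter) of a hypothetical deterministic per-site derivation, with an audit check showing that a low-entropy passphrase alone is re-derivable from a small candidate list, while mixing in a separately stored 128-bit secret key is not. The scheme, the candidate list and the iteration count are all constructed for illustration.

```python
import base64
import hashlib
import math
import secrets

# Work factor for the KDF; kept low so the example runs quickly (constructed value).
ITERATIONS = 20_000

def derive_site_password(passphrase: str, site: str, secret_key: bytes = b"") -> str:
    """Deterministically derive a per-site password from a master passphrase.

    secret_key is the optional high-entropy component (the role 1Password's
    "secret key" plays). With b"" the passphrase is the only secret input,
    which is the situation the comment describes as unsafe.
    """
    salt = b"site:" + site.encode() + b"|key:" + secret_key
    dk = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=18)
    return base64.b64encode(dk).decode()

def reproducible_from_candidates(target: str, site: str, candidates, secret_key: bytes = b"") -> bool:
    """Audit check: can the target password be re-derived from a list of
    plausible passphrases? True means one leaked site password confirms the
    master passphrase, and with it every other derived password."""
    return any(derive_site_password(c, site, secret_key) == target for c in candidates)

def effective_bits(passphrase_bits: float, secret_key: bytes = b"") -> float:
    """Entropy an offline guesser must cover: passphrase guesses multiplied by
    every possible secret key, provided the key is stored separately."""
    return passphrase_bits + 8 * len(secret_key)

if __name__ == "__main__":
    # Constructed: a tiny "dictionary" of weak passphrases a user might pick.
    weak_candidates = ["password1", "letmein", "correct horse", "hunter2"]
    site = "example.com"

    # Passphrase-only derivation: a leaked site password is enough to confirm a guess.
    leaked = derive_site_password("correct horse", site)
    print("recoverable without secret key:", reproducible_from_candidates(leaked, site, weak_candidates))

    # Same passphrase, but a 128-bit secret key mixed in and never sent to the server.
    key = secrets.token_bytes(16)
    leaked_with_key = derive_site_password("correct horse", site, key)
    print("recoverable without the key:", reproducible_from_candidates(leaked_with_key, site, weak_candidates))
    print("effective bits to guess:", effective_bits(math.log2(len(weak_candidates)), key))
```

The secret key only helps if it is stored somewhere other than alongside the passphrase, which is exactly the "where are you storing that in turn?" question the comment raises.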



> And if it is high entropy – where are you storing that in turn?

A password manager.

Neat project!



