What makes the built-in database easier to attack than a separate one?

For performance reasons, early versions weren’t even encrypted, and later versions were encrypted with easily-cracked encryption. Most malware broke the encryption on the password DB using the user’s own hardware resources before it was even uploaded to the mothership. And not everyone has skookum GPUs, so that bit was particularly damning.

Modern password managers like BitWarden can be configured with truly crazy levels of encryption, such that it would be very difficult for even nation-states to break into a backed-up or offline vault.