GrapheneOS developer is very toxic, if you trust him is up to you. I prefer not running his code on my personal devices, especially after him blaming large parts of his community for coordinated harassment. Watch Louis Rossman's video on it.
Although for security-focussed custom roms on the google pixel, like Calyx or Divest, you can re-lock the bootloader, so there's less security risk. A factory reset is required to unlock it again, similar to a factory bootloader lock.
If this was the case, the phrashing around the issue would've likely been different. Yet bitwarden remained very vague, and even locked github comments on the issue.
Especially considering that a move like this alienates their core target demographic (people who use FOSS), they would've been much more open and much quicker if it wasn't intentional.
I will personally be switching, likely to KeePassXC.