
Good to have the heads up. I just bumped my KDF iterations from 100000 to 600000.

One thing that is also worth mentioning for anyone nervous about their password security is that you can use a physical security key with the paid version of Bitwarden. I need to use a YubiKey to log in to any new instance of Bitwarden, and it's been working well.


As I understand it, the OTP factor only protects the login. While this is still good practice, it wouldn't help in the event the vaults are stolen.


Yes, 2FA/MFA only serves as access control, to limit who can retrieve a copy of your encrypted vault from the server (to then decrypt locally).

Like in the LastPass scenario, if someone gets hold of your vault from a server-side backup (or compromise), then your access control is bypassed, and it won't make your vault any harder to decrypt.

Using MFA is definitely good practice though, as in normal circumstances an attacker will be trying to get to your vault without server side access.
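An added illustration of the two points above (the KDF iteration bump, and why MFA does not change the cost of decrypting a stolen vault); this is example code, not Bitwarden's own. It assumes Bitwarden's PBKDF2-HMAC-SHA256 master-key derivation with the account email as salt, and uses constructed sample credentials:

```python
import hashlib
import time

# Constructed sample inputs; not real credentials.
EMAIL = "user@example.com"                      # assumption: account email is the salt
MASTER_PASSWORD = "correct horse battery staple"

OLD_ITERATIONS = 100_000   # the thread's "before"
NEW_ITERATIONS = 600_000   # the thread's "after"
KEY_LEN = 32               # 256-bit master key


def derive_master_key(password: str, salt: str, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256: the KDF whose iteration count the thread is about.
    Only password, salt and iterations go in; no second factor is involved."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.lower().encode(), iterations, KEY_LEN
    )


def time_one_derivation(iterations: int, repeats: int = 3) -> float:
    """Best-of-N wall-clock seconds for a single derivation on this machine."""
    best = float("inf")
    for _ in range(repeats):
        t0 = time.perf_counter()
        derive_master_key(MASTER_PASSWORD, EMAIL, iterations)
        best = min(best, time.perf_counter() - t0)
    return best


def offline_guess_cost_ratio(old_iters: int, new_iters: int) -> float:
    """Per-guess work against an offline vault copy scales linearly with the
    iteration count; MFA never enters this calculation because the attacker
    already holds the ciphertext and is not talking to the server."""
    return new_iters / old_iters


def main() -> None:
    for it in (OLD_ITERATIONS, NEW_ITERATIONS):
        ms = time_one_derivation(it) * 1000
        print(f"{it:>7} iterations: {ms:6.1f} ms per derivation")
    ratio = offline_guess_cost_ratio(OLD_ITERATIONS, NEW_ITERATIONS)
    print(f"per-guess cost multiplier after the bump: {ratio:.1f}x")


if __name__ == "__main__":
    main()
```

The same master key always comes out for the same password, salt and iteration count, which is exactly why a leaked vault is only as strong as that derivation, whatever login factors were in place.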

