If you wanted to, it's not too tough to extract the source code of their browser add-ons to verify for yourself that your vault is encrypted before being sent to their servers, and that your master password is not sent. (And of course with this tool it's relatively trivial to look through the javascript to verify the same.)

So while you can't look at the code running on their servers, it seems to me that you certainly can know they don't have access to your vault.

This comment is funny because this thread is about an OpenSSL bug that has been giving up your keys for 2 years.