> password is provided to the server to partially unlock so a malware server or MITM could get the password
That is completely false.
"The Master Password is cleared from memory after usage and never transmitted over the Internet to Bitwarden servers, therefore there is no way to recover the password in the event that you forget it."[0]
Bitwarden does some of the KDF operations server-side which means that a portion of the password (even if it's been through some KDF operations) is sent to the server.
They send the hash of the master key password after it's been encrypted to the server. They then encrypt the hash on the server side to auth you. They don't send the password itself.
What that article is saying (rightfully, mind you) is that an attacker can mostly ignore the server side round of encryption, because if they have a copy of your local vault, they can just perform the client side rounds and then see if they can decrypt the vault.
This is a problem mostly if you see their claims of 100000 rounds server side, and decide "oh that's fast enough, I'll drop the client side rounds to 5 so my vault is fast to open".
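An added illustration of the point made in the comments above, not code from Bitwarden or from any commenter: a simplified model showing that checking a candidate password against a local vault copy costs only the client-side rounds, while the server-side rounds protect only the server's stored hash. The function names, salt choices, the single extra round for the login hash and the HMAC check value standing in for vault decryption are assumptions; the 100000 server-side rounds and the 5-round setting are the figures from the thread.

```python
import hashlib
import hmac

SERVER_ROUNDS = 100_000  # server-side figure quoted in the thread

def pbkdf2(secret: bytes, salt: bytes, rounds: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, rounds)

def master_key(password: str, email: str, client_rounds: int) -> bytes:
    # Client-side stretch. Salting with the e-mail is an assumption of this model.
    return pbkdf2(password.encode(), email.encode(), client_rounds)

def login_hash(key: bytes, password: str) -> bytes:
    # What the client sends instead of the password (assumed: one extra round).
    return pbkdf2(key, password.encode(), 1)

def server_record(sent_hash: bytes, server_salt: bytes) -> bytes:
    # The server stretches the received hash again before storing or comparing it.
    return pbkdf2(sent_hash, server_salt, SERVER_ROUNDS)

def vault_tag(key: bytes) -> bytes:
    # Stand-in for "the vault decrypts under this key" (hypothetical check value).
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()

def vault_accepts(tag: bytes, candidate: str, email: str, client_rounds: int) -> bool:
    # Checking a candidate against a local vault copy uses client-side rounds only;
    # server_record() is never called on this path.
    key = master_key(candidate, email, client_rounds)
    return hmac.compare_digest(vault_tag(key), tag)

def rounds_per_check(client_rounds: int) -> dict:
    # PBKDF2 rounds needed to test one candidate password, per data source.
    return {
        "local_vault_copy": client_rounds,
        "server_hash_database": client_rounds + 1 + SERVER_ROUNDS,
    }

# Constructed sample account (not real data), using the 5-round setting from the thread.
EMAIL, PASSWORD = "user@example.test", "correct horse battery staple"
WEAK_VAULT = vault_tag(master_key(PASSWORD, EMAIL, 5))

if __name__ == "__main__":
    print(rounds_per_check(5))
    print(vault_accepts(WEAK_VAULT, PASSWORD, EMAIL, 5))
```

In this model the client-side round count is the only KDF cost protecting a vault file that has left the device, which is why lowering it removes that protection regardless of what the server does.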
According to Rossmann's FAQ[1] it's 'supposedly "four letters that sound good together".......'. Someone did also add an entry on Urban Dictionary[2] defining it as "Fuck You, Tech Oligopoly"; seems that's the closest we're gonna get to an answer for now...
If you do a simple ctrl+f on the article for "MDMA", the second result directly addresses MDMA used for PTSD[0], and the big issues surrounding clinical trials for it. Based on the treatment of participants in MAPS trials, conducted under Health Canada, I would treat anything the FDA says about psychedelics with a large amount of skepticism too.
But they're being cautious with it, so I'm optimistic. I'm still a happy supporter and user.
[1]: https://blog.kagi.com/safe-round