Safety concern: deleting logins does not ask for master password confirmation

When editing a login, the master password is queried at every request to protect unauthorized edits to the login information. However when deleting the logins, the master password is not queried, which gives an unauthorized user the ability to sabotage my saved logins.

In my opinion, this is a gap in the manager’s defenses. There is no point in querying the master password when editing a login if at the same time it is not queried when deleting a login. Either query in both instances or don’t query in either. What do you guys think?

The master password is for the encryption of the passwords, as far as I understand. Deleting something encrypted does not require the decryption of the thing.

right, but in the case of editing the logins it is not only queried for the decription of the password, since it is queried at every editing attempt. The master password only needs to be queried once per browser session for decription purposes. An additional query for editing the passwords or displaying them in plain-text should then only be needed for authorisation purposes.

It is probably required for the encryption?