A password manager really needs to be a high-availability service -- it should work even (especially) when AWS is down. Since our service (intentionally) does not cache secret data on the client, running a proxy is not substantially easier than running our service. Plus we'd have to write this proxy :)