If you use their web interface, they will store your password on their servers. Be aware of that.
Also, your account password is the the key used to encrypt your data (easy to verify: accessing your data on a new device only requires your account password). They use PDKDF2, which expands the password into a larger key, but (obviously) doesn't add any entropy to that already present in the password. Choose your password wisely.
That password is also used to access the billing, etc web interface, so they do keep at least a hashed copy of your password on their servers.
As with any closed source and opaque solution, you shouldn't depend in any way on unverifiable claims. They could now, or at any time in the future, store your passwords. You're better off handling your own security than trusting magic black boxes.