I would imagine the vast majority of Zelle transactions happen through the banking apps. The Zelle app mainly exists for the people who bank somewhere that isn't part of the Zelle network. (Source: am Zelle developer for bank)

Not that I am for or against password keepers, but isn't the actual password data itself separately encrypted and stored in an individually encrypted state? That is, not even the people who run the password-keeping service can decrypt the blob of data they store, since they don't store the information necessary to decrypt it. (Decrypting the passwords is done locally on your machine after you type in your pass-phrase.) So an attack that compromised a well-designed password-keeping service would only net the attacker a large number of individually encrypted data blobs, each of which has a separate pass-phrase and would have to be attacked separately.