And why do you think that authentication + encryption is going to be more secure than encryption alone? Either way, there's a secret. If you know the secret you can access the data and if you don't you can't. The UI/UX trappings of the mechanism don't change this fundamental dynamic.
What does change the dynamic is if you allow a third party to control the code that you run.
You can use 2FA to encrypt. OK, it would be 2FE, not 2FA, but it's the same idea. Just encrypt using a Diffie-Helman key derived from a secret contained on a device. (Of course, if you're going to do this, you could just as well keep the vault itself on the device.)
> Further, allowing anyone to download my encrypted vault just feels really uncomfortable and unnecessary.
It is unnecessary. I said you could publish your vault on github and still be more secure than a third-party provider. I didn't say you should do this. Of course you should try to keep your vault away from prying eyes. But you should not rely on this for your security. You should only ever rely on one thing for data security, and that is the integrity of your secrets, which should be small enough to be stored in your brain or in a device that allows them to be used without being read (2FA/E). That's the whole point of encryption.
What does change the dynamic is if you allow a third party to control the code that you run.