S10 Password Vault Encryption Details

You should not have to blindly trust that your password manager encrypts your data securely and keeps it private. With S10 Password Vault you can actually verify the encryption performed for both storage and transmission, using publicly available tools such as the Flash cryptography demo page.

Storage - The data file (Password Vault.s10p) contains base64-encoded encrypted data, produced using the AES 256-bit encryption algorithm, where the key is the SHA-256 hash of your master password (or, if you use a USB-drive key file, the SHA-256 hash of the concatenation of your password and the contents of the key file). The AES encryption uses CBC mode with PKCS#7 padding and prepends the 16-byte initialization vector to the ciphertext. If you decrypt the data file you will see folder and account names in clear text, but usernames, passwords, and notes are still individually AES-encrypted (this is the in-memory representation). You can decrypt these values with the same key used to decrypt the data file.

Synchronization - S10 Password Vault uses a three-step synchronization process that you can verify by capturing network traffic (note that information sent to the server is form-URL-encoded).

  1. Initialization: The program generates an RSA 1024-bit public/private keypair and sends the public key to the server (in the format Modulus_Exponent). The server generates an AES 256-bit session key, encrypts it with the received public RSA key, and sends it back. The program decrypts the AES session key with the private RSA key (which you can see in C:\Users\[username]\AppData\S10 Software\S10 Password Vault\syncRsa.xml).
  2. Download: The program encrypts the UserID with the AES session key and sends it to the server. The server decrypts the UserID with the AES session key and sends back the encrypted data stored for this UserID. The program decrypts the data with the AES 256-bit Encryption Key specified in the Synchronization window, and imports data as appropriate.
  3. Upload: The program encrypts the data for the entire vault with the AES 256-bit Encryption Key specified in the Synchronization window, and uploads it to the server.

Sharing Folders - A shared folder is represented on the server under a filename of the form OwnerID_ShareID, where the ShareID is the SHA-256 hash of the Encryption Key specified in the Share window.

For step 2 of the synchronization process mentioned above, the program appends the filenames of any shared folders to the UserID string (delimited by space), before encrypting and sending to the server (note that the "OwnerID_" part is omitted for shares owned by the user). Likewise, the server appends the encrypted data for the requested shares to the user's primary encrypted data (delimited by space), before sending it back.

For step 3 of the synchronization process, the program encrypts the data for each shared folder with the corresponding AES 256-bit Encryption Key specified in the Share window, and uploads it to the server under parameter names Data1, Data2, etc. Any old, unused share files stored for the current user are deleted from the server.