I think it's correct for the default package to be the safest-possible one. It's a password manager not an mp3 player.
Yes it's annoying that an existing behavior will change, but that problem is not more impportant than the problem of what should be the default behavior of a security app.
keepassxc should have always been like that by default and all the added conveniences that also add bug-surface and attack-surface should have always been things you have to go out of your way to add.
It wasn't and so now to fix that error requires a disrupting change, but that is not enough excuse for not fixing the error.
Safest by what metric? Calling the browser integration a "convenience" feature only is just fundamentally wrong.
Realistically the most common attack most users face is a phishing attack, removing the browser integration which checks the URL programmatically before filling the password opens the user up to being phished more easily (users check URLs less consistently and less reliably), so arguably this makes the package less secure in the real world.
The songs could tell you where to find the post-it note within your record library. Let the hackers gain access to your google drive AND decrypt the db. :)
Yes it's annoying that an existing behavior will change, but that problem is not more impportant than the problem of what should be the default behavior of a security app.
keepassxc should have always been like that by default and all the added conveniences that also add bug-surface and attack-surface should have always been things you have to go out of your way to add.
It wasn't and so now to fix that error requires a disrupting change, but that is not enough excuse for not fixing the error.