
Yes, PINs can be brute-forced when they are stored locally, on device. That should be pretty obvious to those of us who know anything about security. However, the average user doesn't know about security. They shouldn't be expected to understand the nuance of security. So many people in this comments section are saying 'well obviously a PIN can be cracked' but it's not obvious for the average user! Stop blaming the user here when Bitwarden should only offer features which are secure or at the very least provide a warning when a feature is insecure.



Local PINs can’t be brute-forced on the majority of my machines. The exception is a decade+ old Intel desktop, and, even then, I think it has a wonky TPM slot (or I could buy a YubiKey. They support locking PINs after too many retries, right?)


The Bitwarden docs warn users about the exact risk this article talks about. https://bitwarden.com/help/unlock-with-pin/



