Answer 2: This is hard to answer, technically anything can be compromised. With bruteforcing there is no chance to break the storage. With social engineering (guessing your master password) it is possible of course as in any other case when you protect something by key only you know.
See our security whitepaper to get picture about encryption model we use https://files.avast.com/files/passwords/security-whitepaper.pdf
Answer 3: No we don’t, once you delete the password is it gone and is no longer in data set thus neither in synchronization