It is GPL and you have control over your keyfile(s). A browser plugin for the commercial services could at any time sneak evil bits in, so you might feel less safe with them (they could upload your master key or your decrypted keyfile when asked by the NSA).
Evil bits could just as easily sneak into KeePass if the author wanted to. It would require someone else constantly auditing all commits along with verifying binary builds posted on the website match the current source's compiled output.
Edit: my above comment is just to prove a point. We put trust in a lot of the software we run. Software being open source does provide some safety, but very, very few people will go through the effort to make that verification.