In theory they can do more security, than you get when you just store a keepass file on a server. Things like temporarily blocking access when GeoIP information for the client changes, or a lot of secrets are accessed in bulk. The keepass file, you only lose once and the attacker has years (or up to your next rotation) to crack it.