Vaults with time limits to sharing would be great for multi-device use cases of Proton and limiting the fallout from endpoint compromises (maybe linked together with QR codes)? You can hack together a solution now using multiple user accounts and doing the time-based share via folders yourself, but this really should be a thing vaults do by default. Similar for cross-user sharing use cases.

Similar, Pass should not download all creds, only creds for specific vaults for a specific time period.