the Google Play version of an app is likely to have more privacy than the F-Droid version?

No, the opposite

Apps (apks) must be signed before uploading to distribution sites like play store or f-droid. Some devs are signing their app releases with different keys, because for example the google play version of the app has to contain stuff they don’t include in f-droid versions. These are mostly privacy related things, google does not allow in their play store. In case of bitwarden the two versions are most probably the same and they’re signed with the same key. So if there’s an update in either of the two distribution sites it will show you, that there’s an update. Now I use Aurora Store instead of play store for apps that are not available in F-Droid and you can blacklist apps there, so I only get updates from F-Droid.

Yes, apparently it has to be on some kind of builtin list of allowed browsers, otherwise it won’t work. But sadly the PR is still stalling…

It’s exactly what you said: improving an existing app. For certain reasons, the original Bromite branding can’t be used and since the original project’s developer is basically left the project, this was the only way: forking and rebranding. The owner of this fork project was one of the main, most active contributors to Bromite anyway, so it should be fine. I wonder, though if there’s going to be a Cromite WebView as well, because I still use the Bromite WebView… Does anybody know?