Thank you @Anshu kumar for clarifying that this is the way you want to go with Enpass.
I still don't agree that it makes sense in every case and also about not having to worry about security. With this design every vault is only as secure as the primary vault passphrase wise. You are right that I can disable sync for a vault which means it is secure on the storage device/service I am syncing with but on my PC/Mac I have to use a passphrase on the primary vault that is at least as secure as the passphrases of the other vaults if I don't want to sacrifice security.
I think this doesn't make sense because the passphrase of the primary vault is the one I have to type in very frequently so I don't want it to be too complicated and long but if the more complex passphrase of a separate vault is stored in that primary vault, again, the added security of the separate vault is gone (again, only locally).
Also I like to use the PIN after typing in the passphrase once which weakens security in favor of convenience. It would be irresponsible to do this if the security of every vault depends on that PIN.
I think it shouldn't be too hard to allow vaults that have to be unlocked individually and it would help a lot!
I hope you understand my concerns and think about this again. Especially considering that 1Password has exactly the same weakness and quite a few users who are unhappy with it (https://discussions.agilebits.com/discussion/56271/individual-unlocking-of-secondary-vaults-gone-in-1password-6).