And now my reply to your first point. Thank you for letting people know that this interprocess communication is readable by something running as root on the user's machine. For those interested in this, please see an article we posted about this back in June: https://blog.agilebits.com/2015/06/17/1password-inter-proces...
We try to be very clear and open about the choices that we've made in our security design, why we made them, and what the implications for users are.
We try to be very clear and open about the choices that we've made in our security design, why we made them, and what the implications for users are.