Well yes, right now that is true. Without filesystem access, without long term persistence, just process memory access, a compromised browser can dump whole db from 1password7 at once. You only need seconds of time.
If only recently accessed passwords were unencrypted, only those would be available.
If only recently accessed passwords were unencrypted, only those would be available.