The biggest threat would be a new version of the software with some malicious aspects. They'd have to upload it and remain undetected long enough for people to update. This seems like a long shot, but stranger things have happened.
I use 1Password, and it sure beats my old strategy of using a text file for all my unimportant passwords.
Coincidentally, the 1Password plugin is helpful in preventing phishing, too. If you're at the wrong site, the 1Password autofill will not work.
