Who cares about the list of sites you have accounts on? Unless you're paying for goat sex porn, the site names themselves are utterly boring and useless. Attackers already know you have an account on Amazon because you are a human being living in the developed world in the 21st century.
1Password is apparently unusable without a required master password (as it should be), so failing to also protect the site list with it was a serious and lazy mistake. If you have nothing to hide, that only means you aren't doing anything controversial, which I regard as a personal failing.
If you can't imagine a scenario where this is a Bad Thing, you aren't that imaginative. "Who cares?" is almost never the correct response to a bug report, especially a security-related one.
What's your point? So there's a file that it stores on your hard drive. That's obvious. The passwords in that file are still cyphertext encrypted with your master password. Using "strings" doesn't give you anything that you can use to log in.
You need to pick a good password, but there's only 1 to remember (hence the name).
Did they store them in actual, real plaintext at one point? If so, that's not how it works now.
:O So much for the concept of a password vault. I had better security than this when I was manually decrypting/encrypting a .txt file with my passwords with AES256.
$ strings ~/Library/Application\ Support/1Password/1Password.agilekeychain/data/default/* | less