Fair play on their response. They are limited to what's possible. I never think as any of these things as 100% infallible. I think the benefits in security 1P brings with it's functionality outweighs the likelihood of a targeted malware attack. This is more about wider vulnerabilities in OSX than an error on Agile Bits behalf.
Note that their 'response' was from 8 months before this article was published. I'm surprised this article is getting so much attention.
In case this is news to anyone: if your machine is compromised, your data might be compromised too. This is not a failure of 1Password at all.
…if your machine is compromised, your data might be compromised too.
Certainly true if your machine is compromised and you keep using it. :D
I have no clue what's this link doing here, but the best comments on this topic are on the netsec Reddit thread here: https://www.reddit.com/r/netsec/comments/48npbu/1password_sends_your_password_across_the_loopback/
It would be really cool if Password Chef was still being developed/on Android. It's a really cool concept.
My Chief Defender Against the Dark Arts explains it all here: https://blog.agilebits.com/2015/06/17/1password-inter-process-communication-discussion/ - via 1Password on Twitter