So anything that monitors your clipboard (basically every spyware worth its salt) will have a copy of all your passwords then? That doesn't seem very secure.
That is the case for all password managers... A big loop hole imo but one that has to be weighed against having simpler, more similar passwords for services.
Which includes the vast majority of exploitable passwords. Passwords that only work on my local machine are of less concern when it comes to being hacked by a random keylogger software.
The only workaround I can think of is: don't use the clipboard then.
With pass you can also display the password on the console so you can retype it, but if you're running in an X session you're potentially screwed anyway.
Reminds me that I tried to see if Emacs did anything to input in password-reading mode, and the content was in clear, only the rendering was obfuscated.