[LukaAl]

Every app that runs on your systems with enough privilege could sniff your username and password and send it out.

That means also apps installed by a person who has access to your systems or malicious code that you, or someone who as access to your system, launched on your system. I'm not sure where it put 1Password in terms of safely storing password, but it is probably in the area of a post-it on your monitor.

I don't know what's your opinion, but if I use a password manager, I'm expecting something more

[afreak]

> Every app that runs on your systems with enough privilege could sniff your username and password and send it out.

Every app that runs on your systems with enough privileges can dump the memory and extract information via that.

[matthewmacleod]

I don't see how the situation you describe is avoidable, while retaining the ability for a user to automatically fill form fields. That inherently means that the password will be unencrypted and stored for some time; what's the practical difference between sending it via loopback and any other method?