If 1password has been injected with malicious code, whoever has done so will have all your encrypted credentials the next time you unlock your vault, including presumably your full Dropbox creds.
(Caveat: I use Keepass2Android, which ironically DOES support limiting access to the Apps folder in Dropbox.)
(Caveat: I use Keepass2Android, which ironically DOES support limiting access to the Apps folder in Dropbox.)