By the time I go through all my passwords at least once, browsers and OS will release multiple rounds of patches and potentially fix the exploit in question. This is still preferable to uploading whole database...
I think the cost-benefit differs. If the whole database is leaked, you just rotate everything. Only the stuff that has been used (which tipped you to it being leaked) has a real impact. Nobody's going to compromise every single account you have all at the same time, unless they're specifically targeting you, in which case they're going to get everything anyway. So on balance, it doesn't matter if some random malware gets 1 of your passwords or all of them. The real-world impact is about the same: limited. The cost of worrying about the extra security outweighs the benefit.
Another way to go would be tiers of password managers. Even if all of their unlocked integrity sucks, you can have one manager that keeps your most sensitive accounts, and another manager for the rest. You rarely unlock the sensitive one, and after you log in, you unlock it and exit it. Now you have much better opsec with very little additional cost.
Imagine a malware ad, using zero day browser exploit that is designed to dump 1password db at scale and upload it for further processing. As an attacker you can run this for a while (while exploit is valid) and then compromise thousands of bank accounts you have collected. As many as your scripts support.
Well yes, right now that is true. Without filesystem access, without long term persistence, just process memory access, a compromised browser can dump whole db from 1password7 at once. You only need seconds of time.
If only recently accessed passwords were unencrypted, only those would be available.
Another way to go would be tiers of password managers. Even if all of their unlocked integrity sucks, you can have one manager that keeps your most sensitive accounts, and another manager for the rest. You rarely unlock the sensitive one, and after you log in, you unlock it and exit it. Now you have much better opsec with very little additional cost.