[aussiesnack]

I just don't have the security expertise to make the judgement, and, let's face it, that's true of most of us. Which is of course why you're asking, but you're not guaranteed to get answers from people you know to be any more knowledgeable than you. Somewhere you have to rely on good old human trust.

Finding the info re where to place your trust is tricky. I happen to have been personally recommended 1Password by a genuine security expert who uses it for his family, and that's about the best I can do. I know Agilebits pays for regular 3rd party security audits / pen tests. I guess you could look further into those. I know they're financially sustainable so can afford the expertise they need (which is part of why I think subscription a good model for software like this - I want Agilebits to be on a long-term secure footing). As far as we know publicly, they also have an excellent security record (which LastPass didn't even before the recent breach).

[edit - there's more info here https://support.1password.com/security-assessments/]