
Not sure if it's wise to use the product of a company you don't trust for something as sensitive as passwords. I think you were better off using some other software to start with.


1) There is nothing better in terms of overall security+UX out there. It would take hundreds of man hours to build a personal solution, and thousands for a distributable solution.

2) Until recently, the direction they were moving in was good, even if their current position wasn't ideal.

3) It isn't so much that I think they could be malicious as that I don't trust them to have enough internal controls against external compulsion or an employee with prod access getting hacked.

There are some passwords I don't put into 1Password (PGP, etc.), and I try to avoid having passwords-only as auth credentials for anything important. So it is more that I would have hundreds or thousands of low to medium security site passwords at risk, which in aggregate would be a huge inconvenience. That is more because I don't have huge faith in the local OS security on machines than 1P as a particular risk vector.



