Forum Discussion
Former Member
5 years ago
Auto-Fill Security Concern
Since share sheets is gone forever, I'd like to know more about auto-fill functionality.
Specifically, what prevents a malicious site from harvesting credentials by tricking 1password into auto-fi...
Former Member
5 years ago
Those are excellent questions @brank.
Keep in mind that 1Password never fills without explicit user action. User action may be as simple as a hot key, but the user is always in the loop. This means that a malicious page needs to fool both the user and 1Password. The result of this is that 1Password filling is going to be safer than either alone. 1Password filling is going to be safer than you manually using share sheets or copy/paste for a number of reasons.
- With 1Password filling the site needs to fool both you and 1Password. For other mechanisms it only needs to fool you.
- The communication between 1Password, the 1Password extension, and the place it is filled into is more secure than the alternative mechanisms (either copy/paste or what you use from the share sheet).
So if you have been using the share sheet instead of having 1Password help you fill forms, you have not been doing yourself any favors with respect to security (or ease of use).
Automatic autofill is dangerous. 1Password's autofill is safe.
You may have heard that "autofill is dangerous" and set your behavior accordingly. The misunderstanding is because of the term "autofill". Automatic auto-fill (without user intervention) is dangerous. 1Password has never offered automatic autofilling. We've been warning of the dangers of automatic autofill for probably a decade or more. You can read more about this in https://blog.1password.com/1password-keeps-you-safe-by-keeping-you-in-the-loop/.
Auto-fill (requiring user intervention or confirmation) is much more secure than manually filling. I really wish we had better words for these things. The warnings you may have read about autofill without user action are correct, but those only apply to systems that silently fill without user action. I do understand how such warnings can end up scaring people away from something that is beneficial to security (the way that 1Password always has done autofilling).