Forum Discussion
Anonymous
4 years ago
Don't go to Electron unless you can promise 100% security
If you use the Electron platform how can you ensure that there aren't exploits that will expose my passwords?
You don't have access to the code base in Electron so instead of trusting you folks I ...
Anonymous
4 years ago
roustem Sorry but I don't see how your response addresses my concern.
By definition, for 1Password to do its job, passwords have to be communicated to the platform on which 1Password is running, which means that they will be accessible to Electron. Every time I go to a web site, if someone has hacked Electron they will see not only my passwords but the web sites those passwords are associated with.
In addition, since the only interface between 1Password and the user is Electron, vulnerabilities in Electron would enable a virus/bot to input commands to the 1Password core, which would allow finding out passwords. People don't care about your World of Warcraft password, so they'd simply fake a request for the password to the sites they do care about, like say the major bank web pages, and the 1Password core would return the info they wanted. It's easy to imagine a simple bot that, given an Electron hack, would cycle through all the major financial web sites looking for a hit.
External testing is fine but without access to the source code you have no way of knowing there are no ZDEs.
The whole point is that by outsourcing the interface between the core and the OS/Apps, AgileBits is making it impossible to ensure that the data will stay secure. It's as though you're passing unencrypted data over a network you don't control.
If UI is the issue I'd be much happier if you just froze the v7 UI and kept it forever on the Mac app.