Forum Discussion
Anonymous
4 years ago
Don't go to Electron unless you can promise 100% security
If you use the Electron platform how can you ensure that there aren't exploits that will expose my passwords?
You don't have access to the code base in Electron so instead of trusting you folks I ...
1P_Rob
1Password Team
4 years ago
Hey, @trinko. Electron packages up the UI for 1Password 8 for Mac. So when you're using 1Password to fill forms in your browser, Electron is not involved. When you view a password in 1Password 8 for Mac, though, yes, Electron "sees" it, similar to the way that Safari or your browser of choice "sees" your password when you fill it in a website. As @dougl said above,
Any modern app uses third party libraries and is exposed to supply chain attacks. Those attack surfaces vary depending on the particular framework. Unless you're going to write low-level direct API code, there's always an intermediate code base that's at risk.
The question is how much risk, and that's worth having the conversation about.
There is a lot of other third-party code we use that has the opportunity to "see" passwords and other secrets. This is the nature of software engineering, and all third party code has to be vetted carefully.
If you haven't watched Mitch's talk, I think it would really help answer some of your questions. Unfortunately, even though Roustem linked to the correct start time for Mitch's part, it didn't show up that way for me when the forum software here embedded it, so if you want to watch it, click through to YouTube itself and go to about 1:25:10, or copy and paste this link: https://www.youtube.com/watch?v=_P6qI4ahBVk&t=5110s.