Okay, my three premises:
1) 1-Password is in the business to make a profit.
2) 1-Password makes a profit by convincing users their master password is unknowable to anyone but the user.
3) If 1-Password is very successful, the value of the accounts protected by master passwords could well exceed the value of the company, and thus the most profit might come from selling the company to the highest bidder who may want to rewrite the code to secure the master passwords.
Can someone correct my thinking that 1-Password is only as secure as those who control the code want it to be? Even if 1-Password were secretly run by nefarious Romanian identity thieves, they would want to write a very, very good program so as to give people the confidence to rely entirely on the security of one password. But any time I enter my 1-password I have no way of knowing whether a bad guy hasn't rewritten the code to copy what I'm typing.
I've wondered... who would I trust to control the 1-Password code? The government? No way. My sister? Sure, but my sister can't buy 1-Password. My church? Sure, but again, my church can't buy 1-Password. How about the Nation of Islam? No. The Pope? Sure. The Mormon Church? Maybe. We'd all have different answers and we'd subscribe to the group we trust.
Anyway, the point of this exercise is to ask whether there is any way to verify that 1-Password is more secure than the person(s) who control the code.