Let me prefix these questions by saying that I am not trying to be annoying; I'm just curious about the true security of your products. Is there any documentation available on how you protect our data and keys when we click "Lock" and on application exit? For example, all sensitive data is zeroed using code that is not optimized out (on all platforms). Has the bytecode been reviewed on all platforms? That is, have you hired outside security consultants to review your source & bytecode on all platforms? As 1Password gains popularity and grows its share on platforms, it will become a more attractive target to crackers.
Also, is there a way to customize the rounds of PBKDF2 during key generation? Apple iOS is reported to use 2,000-10,000 (Wikipedia), and I have other encryption SW that allows much higher. I have met crackers who use cloud computing for brute-forcing keys. Once all of my contact info, passwords, and bank information are located in this one place, it is very attractive. I suspect that many users have passwords that aren't sufficiently complex, especially now that the application is on smartphones.