This is an excerpt from AgileBit's recent email message regarding the Heartbleed bug: "1Password does not rely on OpenSSL to secure your data. Your data in 1Password is protected using Authenticated AES 256-bit encryption and can only be unlocked with your Master Password."
This is an excerpt from the FAQs for 1Password 3: "We know how complex encryption can be and so we decided to leave it to the experts instead of inventing our own. 1Password does not contain a single line of encryption code; instead we used OpenSSL, which is shipped with over 20 million Macs and is the standard used by most of the Internet. In addition to its huge user base, OpenSSL is open source. This is critical. It means that experts from around the world can view the code and ensure it is correct and does not contain any back doors. The size of the community and open nature of OpenSSL, combined with the state of the art encryption algorithm, makes 1Password’s encryption incredibly secure and reliable."
That is confusing to say the least. Was the email message intended to apply only to 1Password 4 and not 1Password 3?