I've read https://support.1password.com/full-dropbox-access/, which unfortunately might be paraphrased as "It's too fiddly for us - but you can trust us anyway".
I can see no reason why the following shouldn't be possible:
1) If you're concerned about legacy file locations, and want full access to be default - fine (well, acceptable at least). But why not have a new option for people that care about this to have the 1password files in a particular place within Dropbox, and for only that folder to be available.
2) On the iOS client to have server side Dropbox sync even if you have the Dropbox app installed.
You can make the argument one must still trust the 1Password desktop app - after all not only can it access your whole Dropbox, it could access your entire computer. However, at least one can monitor file accesses of the process itself.
If I give you server side access to my whole Dropbox folder, what happens if someone steals your dropbox client API key? They can access every single one of your customer's entire Dropbox accounts that have enabled Dropbox sync!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided