Can we put all "Quick Unlock Code" functionality behind a screen guarded by the code itself?
So, when you install you are forced to create a code, regardless of whether it's used or not. Subsequent visits to this new screen require you to re-enter the code - regardless of whether "Quick Unlock Code" is turned on.
When you toggle "Quick Unlock Code" from ON to OFF, it does so without asking you to confirm the current unlock code. Although you are moving from a less-secure to a more-secure state (i.e. code to master key), the fact that you are moving state would suggest you need to confirm identity. Would it be possible to ask for a confirmation of the current code before you allow this to happen?
When you toggle "Quick Unlock Code" from OFF to ON and you have previously set a code, I think you should ask the user to reconfirm the previous code that was set.
You can fix all this by forcing code entry BEFORE viewing/altering the "Quick Unlock Code" state.
Suppose [total, idiot user edge case]: I leave my phone unlocked and in the settings screen and run to grab some water. Nasty Coworker picks up my phone, toggles Quick Unlock Code to OFF, toggles it back to ON and sets his own code.
If I am later tapping a text message and I am disturbed by a call, I put my phone down. Nasty Coworker picks it up and enters 1Password using the Quick Unlock Code he created.
This is a total edge case, I know the product cannot guard against moron users, but it's a real security red flag that's stopping wider adoption at my company...!