Dale Myers posted a blog entry a few days ago about a problem he’d found in 1Password: while passwords in AgileBits’ vaults were secure, metadata was stored in the clear. And this was intentional, allowing web-based access to the vault to retrieve information without requiring the 1Password app.
Myers wasn’t incorrect and he wasn’t over-sensationalizing the situation. He also provided a recommendation for a solution, one that AgileBits endorsed in its blog entry responding to his post. And he continues to use the product.