[Disclosure: I work for AgileBits, the makers of 1Password] I’d like to point people to blog post of ours on exactly this issue: https://blog.agilebits.com/2015/06/17/1password-inter-process-communication-discussion/ The short answer is that we are limited in what we can do against malware running on your own devices. And all schemes we’ve looked at to “encrypt” that communication would either req