I was thinking about one more case, if you are using 1password as a cli tool. Let's say you "op run -- npm dev". If there's a malicious node modules script, it would of course be able to get the env variables you intended to inject, but would it also be able to continue running more op commands to get all your other secrets too if you have started a session?

Edit: Testing 1Password myself, with 1password desktop and shell, if I have authed myself once in shell, then "spawn" would be able to get all of my credentials from 1Password.

So I'm not actually sure how much better than plaintext is that. Unless you use service accounts there.