
1Password does not have a list of "secrets" that it draws from for all forms, it only saves the information you provide per-site; anything it submits to a site is information you've already submitted to the site previously.

1Password's extension does not prompt for my master passphrase; I have to click on it to enter it (if I haven't already). It also doesn't try to fill forms on page load; I have to instruct it to do so. By default it will usually submit a form upon fill, but I often turn off that setting.

As for browser vulnerabilities, I'm not familiar with any information about extensions being particularly vulnerable to browser exploits. It seems like when browsers get "pwned," anything in userland (if not the whole system) is up for grabs, so avoiding the password manager's browser extension doesn't gain you anything. I'm not saying there's no risk, just that the trade-off is worth it. AgileBits argues that using the extension is safer because it avoids keystroke loggers and clipboard sniffers [0].

[0] https://blog.agilebits.com/2014/08/21/watch-what-you-type-1p...



I use LastPass, and the features you mentioned also apply.

LastPass also unfortunately has in-pane banner pop-ups which I do not trust at all. Blind and automatic autofill is dangerous. I'm not sure if you can enable that.

Another feature I like is the detection of compromised sites and password rotation reminders.



