*BOLLOCKS &*!@@!!!*
That's my fear. Admin curiosity and the possibility of source code theft. Not every analyst employed by the NSA/GCHQ will be 100% honest. If like me, you have your own source code and don't want hundreds of NSA/GCHQ admins armed with USB mem sticks with access to it, but still need to work with GIT and in the cloud - check out Boxcryptor. Though the problem still remains it's difficult to know if any of these services are compromised.
This will take a few sentences to explain but I think is a good example of just how exposed we are even when being careful and just what an overhead this imposes on innocent people. Having considered the problems with government dragnets and feeling uncomfortable about the exposure of my businesses source code (read: Crown Jewels) to x number of unknown prying eyes. I recently updated my Passpack master password and all the key service passwords contained therein. Took bloody ages, is a bit fraught with the danger of getting something wrong and locking yourself out of a service (as can easily happen if you save a password on a device, the device fails to synch, but you then change the master password before the synch has completed). I then spent a couple of days getting used to my new memorised passwords feeling relatively safe (though who really can tell).
Anyway, I use an app launcher called Alfred, and very good it is too and can typing and launch stuff without having to look at the screen or keyboard. So I have a print out and want to access one of my accounts, I type 1Pa (that's sufficient to always get 1Password launched) and once it's launched I can immediately type in the master password.
Except when I look up, for some reason 1Password has (for whatever reason) failed to launch, and muscle memory has me typing my new master password in the address/search bar of my browser. Google, is parsing the text and giving me suggested searches.
So now the NSA/GCHQ my ISP, and probably even local neighbourhood private eye have access to my master password.
Worse, even if I change it quickly, it's no good because the GCHQ/NSA dragnet keep copies of everything on cloud services for some time, so can access old dropbox 1Password database (additionally and worse, dropbox keeps past file versions). So to remain secure I have to go through the whole damned process again changing all key passwords whilst all the time thinking "this is so much effort for something so low risk" but still I have to do it because the knowledge I have compromised myself will play on my mind.
It occurs to me, the amount of times this must happen (typing or starting to type a password into Google), must be huge and probably very few people would bother to remedy it by doing what I have done. It's so easy to do. NSA/GCHQ can easily parse for Google queries that look like passwords.
Google search suggestions are now (firmly) switched off (which means I lose the benefit of the top hit getting pre-loaded in the background - which is a nice performance gain). Just written this as (yet another) illustration of how difficult it is to stay secure and private in today's cloud based world. Despite the convenience I close to junking 1 password - it just introduces too much uncertainty and risk in the process. It's often said the only way to secure a computer is put it in a locked room with no connection to a network. This is yet another illustration of why.