Apple's autofill only works in Safari. If you use Codebook with a different browser, you'll need another way to transfer your passwords into the browser.
But I agree that system-native software is exposed to different risks than web-engine software and that there is likely a greater chance of malicious software being encountered in the web environment. On the other hand, the average user is happy to install unvetted, brand-new software on their system as long as there's a pretty web page behind it. There is an active thread now on these forums displaying a clear example of that.
Then Toth is missing it. All my browser plugins show as having the 1Password fix that they feel is the appropriate one. I've turned on that setting that requires a quick confirmation every time a clickjacking attack would attempt to capture data. And remember, 1Password's browser extension provides significant functionality without the need to even click on the web page at all, so a real worrier can just turn off click functionality completely.
I read "bad idea" as "not the recommended approach because it is riskier than others". I would apply that description to the use of the clipboard. Codebook's secret agent might also be risky, but I don't know enough about the security measures they've taken with regard to the script that is running. I suspect no researchers are working hard at cracking secret agent, so vulnerabilities will be missed.
The 1Password team considers the browser extension safer than solutions where there is not active browser URL matching. They consider the risk of putting credentials into fields in the wrong website to be large. I tend to agree with this for me. My eyesight is not perfect and I log in to websites a lot; getting it wrong is likely. Using the clipboard or something like secret agent introduces a lot of risk.