You are not storing passwords in plaintext on their servers. They are very open and document on how it works. Basically you give them fully encrypted information they can‘t use for anything
"Fully encrypted" doesn't matter if an attacker finds a vulnerability in 1Passwords encryption, or simply gets hold of the cipher text and has time and money on their side.
This is pretty fundamental security practise: don't give people stuff they don't need to have, and that means you face less risk of that stuff being lost or misused.
