Same way as the encryption key used to secure the communication with your bank. It doesn't.
The idea behind TLS is that the client and the server agree on a temporary key to exchange the information in a secure way (there's a ton of literature on it) without saving the key locally. The good news is that it is something already implemented in a safe way in all sufficiently recent browsers (by sufficiently recent I mean sufficiently recent to support plugins, because even IE 6 supports some old form of SSL) and made available to plugins.
TL;DR: It's trivial to do it right; screwing it up in this way means they have no clue what security means.
In this case, client = server. If your computer is compromised then they can get access to both private and public keys of 1Password and 1Password Mini.
It also doesn't prevent MITM unless both the client & server. Nothing stops you from presenting a fake public key pair between the communication.
How does TLS work then? Because public keys are signed by central authorities. How do we know what to trust? Browsers and OSes have a default list of certificate authorities to trust. How do we know that we can trust them? Technically they should be communicated outside the internet. If the version of Chrome you download is compromised with a rogue certificate authority (ex: SuperFish) then you're hosed.
It's turtles all the way. Unless keys are communicated securely somehow, you cannot guarantee secure communication.
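The point made in the comment above about key exchange without authentication, as an added example (not code from any commenter or from 1Password): a toy Diffie-Hellman exchange in which a relay substitutes its own public value, run first with no authentication and then with each public value tagged by HMAC under a secret shared out of band. The group parameters, function names and the pre-shared secret are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Toy group (constructed): far too small and too smooth for real use.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(psk, role, pub):
    # Binds a public value to a role under the out-of-band secret.
    return hmac.new(psk, role + pub.to_bytes(16, "big"), hashlib.sha256).digest()

def verify(psk, role, pub, mac):
    return hmac.compare_digest(tag(psk, role, pub), mac)

def run_exchange(psk=None, relay_in_path=False):
    """Return (client_key, server_key, relay_keys, accepted)."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    c_msg = (c_pub, tag(psk, b"client", c_pub) if psk else None)
    s_msg = (s_pub, tag(psk, b"server", s_pub) if psk else None)
    relay_keys = None
    if relay_in_path:
        r_priv, r_pub = keypair()
        # The relay can key with each side separately...
        relay_keys = (session_key(r_priv, c_pub), session_key(r_priv, s_pub))
        # ...but without psk it can only forward the original tags.
        c_msg = (r_pub, c_msg[1])
        s_msg = (r_pub, s_msg[1])
    if psk:
        # Each side checks the tag on the value it received before using it.
        if not (verify(psk, b"server", *s_msg) and verify(psk, b"client", *c_msg)):
            return None, None, relay_keys, False
    client_key = session_key(c_priv, s_msg[0])
    server_key = session_key(s_priv, c_msg[0])
    return client_key, server_key, relay_keys, True
```

The authenticated variant only moves the problem to how the shared secret was distributed, which is the "turtles" point: it holds only as long as that secret reached both sides over a channel the relay could not touch.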