That's a lot of conditions to be met, and I already suggest enabling two-factor authentication for both Apple IDs (and thus iCloud access) and Dropbox to reduce the potential, as both Dropbox and Apple ID provide true second-factor methods.
As with all issues involving weighing risk, you should consider whether the ease outweighs potential exploitation. For you, perhaps true second-factor use is mandatory, and I feel that way for most, but not all accounts. For people you advise informally — family, friends, coworkers — 1Password as a single-source solution that deters remote access could be a huge step up.
Sign up for MIS Asia eNewsletters.