I just checked this with mine. Everything is correct, up until the last line. There are no passwords stored in that file. Just the addresses of the sites.
The article never said it was leaking password data.
The meta data can present just as much of a privacy or security issue, in some cases, depending on what's in there and where you store your keychain file. It's pretty much a list of every site you have a login on. And as the author stated, it could also contain password reset URLs that are not one time usage urls.
1Password has always known about this issue but doesn't seem to really care about it (it was a deliberate design decision), and doesn't inform their users about it. I wonder how many of their users just assume this data is all encrypted, because they haven't been told otherwise.
People get upset when their government wants ISPs to save a history of every URL visited by each of their customers, to be made available to them upon request, calling that an invasion of their privacy. How would this kind of data about 1Password users, made available to the public in plain text (depending on where you store your keychain file) be any less of a privacy risk?