Thank you for contacting us. At this time, we have not implemented rounds of PBKDF2 hashing for mSecure. I'm not sure how 1Password and Bitwarden's system is implemented, but one thing to mention for mSecure is that your data is not encrypted with your master password. If someone were to get hold of your data in any way, either from hacking our cloud system (if you're using mSecure Cloud syncing), or hacking your Dropbox account (if you're using Dropbox syncing), or in any other way, the data is encrypted with a very strong, completely random account key. Your password is used for the security of the system, but it's not what's used to actually encrypt your data.
You can read more on mSecure's security model here: mSecure’s Security Model - Secure by design
I think 1Password does do something similar with the separate encryption, which is what I think most password managers are doing once the data gets stored in their own cloud system. There has to be a way to keep the data safe when it's not stored locally, and this seems like the best way at least for now.
Thank you for the article link as well. I'm not able to go over it's contents now, but I will in the future. Support right now is out of control after the mSecure 6 launch, so I'm just trying to keep my head above water.
With regards to keeping the password in memory, mSecure purges the password after its entered by the user. The password is used one time to first decrypt the account key, then after that, it's no longer needed. Once the account key has done its job of decrypting and encrypting the information when the app is locked, it too is discarded from memory. To my knowledge, the user's master password is never stored in memory after it's entered to unlock mSecure.