It's kind of funny- I find myself to be on the critical side when it comes to Apple, especially on HN, but when it comes to iCloud Keychain I use it pretty unquestioning. Probably because I don't trust 1Password or other password managers to be any better, and it's a feature that's baked into the OS so adoption is frictionless.
When it comes to trust it doesn't really matter what you use.
In theory 1Password has the superior product, as they use MFA for accessing your vault, and your account password only allows access to the encrypted vault (unlike Bitwarden where your account password unlocks everything).
But that is all theory, and you don't really know what really goes on behind the scenes, and it could all just be "theater". It probably isn't, but that's where the trust part comes in.
Personally i doubt that Apple has any nefarious intent, and i believe their intention is to make stuff better and more secure, and that they protect/respect privacy. Again, this is a matter of trust, and i trust Apple.
I don't base my assumptions on blind trust, but actually review their documentation on their services, like iCloud Data Security [^1]. They're pretty open about how they encrypt stuff, and also mention stuff like when using standard iCloud encryption, your backup of messages includes a key that can be used to decrypt the messages in the backup.
I enabled Advanced Data Protection as soon as it became available, and stopped worrying about it. For stuff that i want to keep secret at all costs i use GPG or Cryptomator.
As for Keychain i use a mix of Keychain and 1Password. Keychain for everything "simple" that i don't care about, i.e. websites that requires a login. It plays well with Hide my Email, and offers the path of least resistance. My 1Password usage is mostly stuff that doesn't fit easily into Keychain.
