This worked for me: I had never enabled “Enable Secret Agent while STRIP is not running” because I wanted the Secret Agent to require the password, too. Inserting anything into the currently active text field of the browser would not work. Inspired by @wgray’s points, I enabled the option, and let STRIP install it’s script. With the option checked, all of a sudden the insertion worked. And guess what, after I turned the option off again to force Secret Agent to ask for the password when STRIP is locked – the insertion still worked.
To me it hence seems that the script is always required, not only for Secret Agent to bypass the lock state. So the STRIP devs might choose to revisit their install process once more? Oh, and once you’re there: to me there is no point in asking the user for the script directory. 99.999% of the users won’t know what you’re asking for. So why bother asking, and not just use the default? Just my 2 cents anyway.