Prox is inherently more secure than a keyfob depending on how it is implemented on the system. Keyfobs are far less secure, especially (though not likely commonly) since they're able to be spoofed by using a RF sniffer if someone really wanted to, in comparision to a secure chip and a relatively short read range.
With a KP1, you can use the internal type unit. With all of them, as long as you have an appropriate pigtail, you can connect a 26-bit wiegand device to all of them, doesn't need to be a prox, but any sort of credential that spits 26 bit weigand...iris reader if you really wanted. I've used external readers straight into the keypads as well as use KAM's on the system also.
You can put an external reader outside of the KP2, but doesn't that do away with the benefits of a "trim" keypad recessed in the wall or surface mounted even. Also, with a prox reader, you need to factor in what the reader is mounted on or near, affecting the read range and sometimes data.
With the M1, you can specify how the panel acts on a valid swipe, if you don't check the arm/disarm box or access, it controls how the panel responds, even by user.
IE: you could have an external reader fire a strike, but still require the user to enter a code to disarm the system as stated. You can also assign access windows and schedules if you really wanted to. Sure you could perform some of the same actions using a fob, but it is inherently less secure as a credential.