Mint is a great service, and I'm actually trusting it quite a bit. But their re-assurances are giving me the willies:
Your credentials are safe on Mint.com. We use
bank-level encryption to secure your login credentials, they cannot be compromised. We are establishing a read-only connection to your bank,
we cannot move or transfer money. -- mint.com
Of these 3 statements, the first is hopefully true for some reasonable value of "safe". The second and third statements are demonstrably untrue, and they undermine the first assertion. (As a matter of fact, when my bank offered a "read only" username/password mechanism, I tried it out with Mint -- Mint choked on the results.) Mint has full access and can impersonate me to my bank. I strongly dislike this situation and want Mint and the banks to change this.
Mint + Banks: Please implement a least-privilege access mechanism.
OAuth would be great, but frankly anything including a read-only password would be better …