[13]

I think you put far too much trust in one of thousands of clone VPN services. There's no reputation to taint, there's stock standard scripts running on commodity VPS boxes they rented from somewhere else. I would be shocked if at least some of the most commonly used ones weren't run by people looking to sniff credentials. You're paying to pipe all of your sensitive information through some random persons box, which is just ludicrous.

[MaulingMonkey]

Oh, wait. Were you suggesting VPNing into your home connection or similar instead?

[pyvpx]

you should trust your end points. assuming you trust the machine you are using, the other end of the tunnel should be just as trustworthy. that's great if you trust a company; but what incentive do you have to trust them?