[r00fus]

Some banks (Cap One 360 formerly ING Direct) allow you to generate a site-specific passphrase, so you would limit your exposure if Mint got hacked.

However, the whole concept of something like Mint is really read-only access, and I wish that site-specific passphrase had that as well.

[ghthor]

Mint is readonly, but the possibilities explode when you are given RW and event processing access to your money. You could already do some cool things of you buffer your accounts between 2 cards. But you can't straight up sent transactions with code, or you're own "automated" savings plans, or social graph triggers/input based on transactions. So many cool possibilities, banks need to step up or collaborate on an engineering effort to produce a secure ApI system and infrastructure.

[r00fus]

Mint is read only but it's not clear the site-specific password is likewise readonly.