(1)
The toughest part is to build credibility but somehow mint.com did it. Other than getting a few users who have communicated with me privately to act as references, I haven't figured that part out. It does take some trust on the part of the users but the risks are alleviated by the fact that the money is insured and even if I had your credentials, your bank should not allow me to log in as I'm accessing it from a different computer.
(2)
Good question. I had to restrict the query as it was over 1MB in size for the full list, but I'll run it and make the xml file available for people that don't want to query each time. I created the list from a couple of sources and have only tested it with my and my family's accounts so it is hard to tell how much of the data is valid and how much is stale.
It does take some trust on the part of the users but the risks are alleviated by the fact that the money is insured and even if I had your credentials, your bank should not allow me to log in as I'm accessing it from a different computer.
If you mean FDIC insurance, that's only if the bank fails; identity theft type losses are probably not covered (you may want to research and confirm this).
Also, I don't think it matters from which computer/ip address someone logs in. If you know my login credentials, you can do anything to the account (though this might vary from bank to bank).
I think you need to be more proactive about security and fraud before people will be comfortable.
(2) Good question. I had to restrict the query as it was over 1MB in size for the full list, but I'll run it and make the xml file available for people that don't want to query each time. I created the list from a couple of sources and have only tested it with my and my family's accounts so it is hard to tell how much of the data is valid and how much is stale.
edit: http://finkin.com/InstitutionSearch.xml