by paisible 5208 days ago
"In the worst case your LinkedIn account may be compromised. You will have to weigh this against the convenience of not having to log in to LinkedIn." This doesn't convince me.

While I appreciate their honest and upfront response to the question, I'd argue this makes the idea better suited to an application that the user runs locally.
Agree. There is no reason to launch a service for this. Sounds a little suspicious to me.
Any idea why they need to save it in plain text? No encryption mechanism provided in the world of open source?
In order to log into a user's LinkedIn account with the password, they need to be able to give LinkedIn the password in plain text.

So yes, they can and most likely do encrypt it in some way, but in order for their server to be able to decrypt it when using it, they must naturally have the decryption code/passkey/etc. stored on the server.

"...we need to be able to rederive the plaintext"

The use of the word rederive sounds like it may be encrypted to me.