Isn't that the whole point of the Blur service...it logs into all these social services and combines them to produce a unified presentation? How else could it work?
Via the APIs each social service provides. They'd need only an oAuth token provided via your authentication, NOT full credentials. Worst case scenario, store the credentials on the device and authentication against each provider. There's no reason to ever send those credentials to a third party like Motorola.
Yodlee, the worldwide banking network, happily stores millions of people's BANK ACCOUNT passwords, with no interest in using a secure Auth API, and nearly no one cares.
Why should Blur care about keeping your FB credentials private?
I think the implication is that the aggregation is done server-side, so it needs your credentials there (not that that is a good idea or that sending credentials in the clear is not complete and utter incompetence).
Edit: upon closer reading, credentials were sent over a secure connection, but aggregated content was sent in the clear.