[howeyc]

This is why some people use the "offline" applications like GnuCash[1] or cli-ledger[2]. These programs can be used in such a way that they don't even know the financial institutions you do business with, never mind usernames/passwords.

However, as others have stated, they view the convenience gained to be worthwhile enough to sacrifice the security of their accounts. Plus, I'm sure they asses the probability of Mint (and their employees, contractors, etc) using this information in any way other than "read-only" (at least intentionally) to be very close to zero.

[1] http://www.gnucash.org/ [2] http://ledger-cli.org/