Brian Mastenbrook: How I cross-site scripted Twitter in 15 minutes, and why you shouldn't store important data on 37signals' applications
I don't wish to join the 37signals bashing but this article highlights a growing concern of mine about letting other people hold my data. I've decided to let as few people as I can hold my data because the more it's spread around the more risk there is of losing control of it and, frankly, it doesn't matter who it is, too many companies have been found wanting when it comes to security.
Plus, I've read too many hacking tales to know that if hackers are one thing it's persistent, they do not give up and, if they want, they will, one day, find a way in.
Source