As an aside AFAIK many financial advisors have used aggregation services (CashEdge, ByAllAccounts, uMonitor), which require their clients to log in and provide essentially the same access to their financial institutions, for quite some time. I believe Yodlee was one of the first to make their aggregation services available to a consumer based business vs. an advisor.
In addition the onus of primary security (username/password) rests with the service provider (Yodlee), if I understand things correctly Mint would only store a unique identifier to access a user's information via a Yodlee API call. So after transaction data has been scrubbed it would be extremely difficult for a hacker to access a user's bank account information from Mint.
You're still very much correct if Yodlee has a security slip, but their business depends on securing that information.
In addition the onus of primary security (username/password) rests with the service provider (Yodlee), if I understand things correctly Mint would only store a unique identifier to access a user's information via a Yodlee API call. So after transaction data has been scrubbed it would be extremely difficult for a hacker to access a user's bank account information from Mint.
You're still very much correct if Yodlee has a security slip, but their business depends on securing that information.