I recently used Meebo and I must admit I'm a little paranoid about typing my IM login information into a site like this. How do they store my username and password for each of the separate IM services? I only feel comfortable when a site takes my password and does some type of irreversible, one-way function on it, but it seems that Meebo would have to store my passwords in a way that they could retrieve them at anytime in order to facilitate the automatic logon into the separate IM services they support. Am I justified in being paranoid about this?
EDIT: I found this excerpt from Meebo's privacy policy:
Third Party IM Service User Names and Passwords. Meebo allows you to access third party IM services by logging into your account through Meebo (the "Third Party IM Services"). In order to access your Third Party IM Service account, you must enter your applicable user name(s) and password(s) on the Meebo Service. To use the basic IM services on the Websites, Meebo does not store the password(s) of your Third Party IM Service accounts on our server. If you wish to utilize advanced features of the Services, such as automatic sign-in, storage of your password(s) may be necessary.
Jeff Atwood posted on this topic a while back in this article: Please Give Us Your Email Password.
Meebo encrypts your individual account password w/ your meebo account password. Your meebo account password is bcrypt-ed. So Meebo doesn't know any of your passwords unless you're logged in. http://blog.meebo.com/?p=2220