Comment 5 for bug 782690

Good point. (On the other hand, it could be said that you have to completely trust *any* software that you run on your local machine, at least with today's operating system architectures. Even if Shotwell doesn't ask for your password directly, if the software is malicious it could install a keylogger or a browser plugin or a similar hack to grab the password when you enter it into another application. I believe that some such attacks are viable even if Shotwell doesn't run as root.)

In any case, I think it's time for Shotwell to switch to OAuth/OpenID. I've marked the upstream ticket (http://trac.yorba.org/ticket/3445) for the next Shotwell release (0.13).