Web 2.0ish mash-ups seem to get all the attention for the (dubious) authentication model in which user's must provide their account credentials at some 3rd party site in order to allow the mashing site to access their data there.
If the data being pulled is inane or worthless, you might even be able to defend the model (until you realize how people reuse passwords across sites of different sensitivity).
Yodlee, Geezio, Mint, and Wesabe all use this 3rd party authentication model, but for financial data.
All profess to be 'obsessed with security'. Not surprising.
They all need to look at ID-WSF or OAuth.