Privacy and security are really big priorities for us, so we do our best to address those concerns whenever we can. As far as personal info is concerned, we store the minimum possible info (first name and email, no address, DOB, etc). And we use a popular service called Plaid to do the transaction retrieval, so we never store sensitive credentials. Plaid actually powers many, many other financial services, so they're quickly building a great reputation themselves.
The other aspect is that banks are really good at physical security, but not so great at data security. Consider the recent Chase breaches, where a ton of sensitive data was leaked—you're obviously placing a lot of trust on Intuit or Plaid whenever you use Mint or Penny, but at least they're modern technology companies that probably hold themselves to higher data security standards than your bank.
