Fiddy Large

Mint is a money management tool that won $50,000 at TechCrunch 40 earlier this week. It's supposed to link all of your financial accounts such that you can see metrics on where and how you spend your money, with the hope that you can save better. This is a good theory, but since you're reading about it here, you can probably guess how the execution went.

We Gots Mad Cheddar Now

So here's the deal. You take all the financial institutions that you do business with, uh, well, as long as it's one of the 11 that Mint appears to support, and supply Mint with your login information. It will proxy your credentials to each webapp, and generate metrics.

Yeah, there's nothing that could possibly go wrong with this.

Allegedly, security is one of their top concerns. Well, that's nice to hear. Yeah, it's probably safe to trust the keys to the kingdom with some company that busts their ass to try and win $50,000 worth of prize money so that it can continue to function. The set of balls on these guys. This is their security jerkoff:

  • All data storage is encrypted. Not only are our hard drives encrypted, our servers are in a secure facility protected by biometric palm scanners and 24/7 security guards.
  • SSL prevents eavesdropping. Communication between your browser and Mint occurs using 128-bit SSL, the highest industry standard. This prevents hackers from being able to listen in on or "tap" a conversation. Data is delivered to you and you alone.
  • Bank-level standards are used. This includes encryption, auditing, logging, backups, and safeguarding data.
  • We hack our own site. Mint runs thousands of tests on its own software to ensure security. We scan our ports, test for SQL injection, and protect against cross-site scripting. We also update and patch our software all the time.
  • ...and a few more

Gotta Get My Cash Cause The Crooked Cops Try To Come Up Fast

I've got plenty of faith in these guys' ability to keep outside haxors from stealin ur megahurtz. Disk-level encryption, SSL (conveniently ignoring man-in-the-middle attacks, but OK fine), security audits, and logging. So it's probably pretty difficult for someone on the interwebs to pull some leet-hax on your data. That's not what I'm concerned about, though.

Someone has to have the encryption keys over there. All it takes is one bad apple in the staff with the appropriate level of access, and all the users are fucked. In the end, it's not about strong cryptography or biometrics. I doubt that Joe Asshole will walk in off the street and steal a hard disk out of one of Mint's servers. No, for me, it's about trust. I simply do not trust such a small, unproven company with that kind of information. Yeah, it's chicken-and-egg, but that's how we roll.

That, and if you sued them over a security breach, you probably wouldn't collect a whole lot.