Comment Re:Fool me once.... (Score 1) 217
Even if you don't access their site again, they still have your password in plaintext long enough to make a hash for the webserver to use. If you do ever use their site again (which many people might do: for instance, their site is the only way to buy more space), the login page on their site is a simple POST for the submission of the password so it's easy enough to snatch it there if they were compelled to. That's not even getting into their use of a closed source server and client and unverified crypto implementations (they toss out nice buzzwords on the site you mention, but you don't get to see how they implemented them).
I don't care about taking this up with them, as they have no real reason to address anything. I don't use their service for secure data storage. They state on their site that they are secure with "zero knowledge" and people give them money and post exaggerated inaccuracies about their 1337 security online. It sounds like a great business model to me.
I just want to make sure that everybody uses a little critical thinking when deciding to trust a third party with their data. The fact that their design has holes in it needs to weigh into the decision to use them, even though it's compelling to think that they're a champion for your online privacy.
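The comment's point about the plain login POST, as an added example that is not part of the original comment and not the service's code: it compares what a server receives from a simple form POST with what it would receive if the client derived an authentication value first. The field names, the sample credentials and the client-side key split are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlencode, parse_qs

EMAIL = "user@example.com"                  # constructed sample value
PASSWORD = "correct horse battery staple"   # constructed sample value

def plain_post_body(email, password):
    """Body of a plain HTML login form: the password itself is submitted."""
    return urlencode({"email": email, "password": password})

def fields_seen_by_server(body):
    """Everything the web server can read out of a submitted form body."""
    return {k: v[0] for k, v in parse_qs(body).items()}

def server_hash_from_plain_post(body, salt, iterations=100_000):
    """Server-side hashing: the server must hold the plaintext to do this."""
    seen = fields_seen_by_server(body)["password"]
    stored = hashlib.pbkdf2_hmac("sha256", seen.encode(), salt, iterations)
    return seen, stored

def client_derive(email, password, iterations=100_000):
    """Hypothetical client-side split: stretch once, then derive two sub-keys.

    auth_token is sent to the server for login; enc_key stays on the client.
    """
    master = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 email.encode(), iterations)
    auth_token = hmac.new(master, b"auth", hashlib.sha256).hexdigest()
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    return auth_token, enc_key

def derived_post_body(email, password):
    """Body of a login request that carries only the derived auth token."""
    auth_token, _enc_key = client_derive(email, password)
    return urlencode({"email": email, "auth": auth_token})

if __name__ == "__main__":
    seen, _ = server_hash_from_plain_post(plain_post_body(EMAIL, PASSWORD), b"salt")
    print("plain POST, server sees password:", seen)
    print("derived POST, server sees:",
          fields_seen_by_server(derived_post_body(EMAIL, PASSWORD)))
```

The second variant only holds if the client code really performs the derivation, which is the part a closed-source client does not let you check.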