There’s a massive difference between trusting banks (insured, backed by the state, etc) and trusting some random SaaS/web app you saw 10 minutes ago with access to said banks.
Oh it's "random" app, and here this time I figured we were talking about a reputable one that has PCI-DSS compliance like Quicken. My bad.
Sure, if you just trust some random Chrome extension from a random individual developer, you're absolutely setting yourself up for trouble when they hack your shit. But to wholesale dismiss all apps when there are actual legal protections in place that permit these businesses?
