Won't someone be able to create a hacked up viewer that steals all of my Linden (L$)?
No. The important logic for transferring L$ between accounts happens on our servers, not in the viewer. The simulator code on our servers doesn't assume that the viewer is "trusted" code in any way, in the same way that web servers (should) never assume that a particular "trusted" web browser is being used.
Please explain what (other than personal ethics) is stopping me from making a client that looks legit but actually transfers all money and transferable assets to a nominated account? The client can obviously issue a command to give away money, so pretending the server will somehow protect users from this is misleading.
A second, more serious issue would be to create a client that steals the usernames/passwords of users, allowing complete account hijacking... Do you have any plans to address this, such as use of a different password for logging into the client and for administrative tasks (logging into the website, USD transfers, resetting the client login password)?
If Blizzard have trouble managing the workload of hijacked WoW accounts, think how completely incapable you will be of dealing with this; you're a much smaller organization and appear to have zero free manpower to devote to this.