With the recent open-sourcing of the SL client, and appreciating that the only fully secure way to enjoy SL will be though the official client downloaded from Linden Lab, I would still like to make a suggestion.
In light of the likelihood that there will be many interesting community-created clients to explore, I am concerned that one such rogue client could inadvertantly, or maliciously, obtain a password from a user, and that this could be used to hijack an account.
Please give us the option to have two passwords: one for logging into SL and one for logging into and managing our accounts though the web site.
This way, if a rogue client does obtain our login information to SL, we are not necessarily also exposing our account information and management. There are many of us here with large $US balances on our accounts and I do not want that money being exposed just because I logged into SL using a third-party client.
Just a thought.