This is possibly the most asked topic on these forums :p Bungie does not officially support third party authentication. In order to make authenticated requests you need to have a mechanism in place that gets the browser cookies that are generated when a user authenticates with PSN/Xbox. Applications that act as web browser extensions are probably the least iffy because they will never have access to your login details (though technically all you need are valid cookies and you could do all sorts of things...) and the user has to make an active choice of allowing the plugin to have access when they install it. Most developers that put heaps of time into making awesome apps have absolutely no desire to use a user's information for anything other than to enrich their time spent in Destiny, Bungie.net have been working hard at bringing more stuff out from the private endpoints (and will be introducing privacy options no one will probably really use, but will at least have the option if they wish) as well was building their own versions of apps that require authentication into the Bungie.net website such as the Gear Manager. I feel that if there was a case where a third party app was built with the intension of being dishonest with a user's credentials, it would get shut down very quickly. But its really up to the end user whether they would rather be with or without (and those few times where I had to resort to using the Offical Mobile app to move an entire gear set, man can that suck...). Most developers actively engage with their users on the forums, reddit or their own websites, and if a user still distrusts them after they give out Chocolate Strange Coins, well...that's their loss :p