Yeah it unfortunately gets passed through my app into the webpage when you do an action like post or like. I don't save your password anywhere, I only temporarily save session data.
As of right now the only real security risk comes from if you are rooted. I understand if people don't want to trust me with their info that's why the whole thing is optional. ☺️
Since memo.cash is a tool to express opinions, it could get ugly for the individual originally owning the account as the "only" currently security is our password. No current recovery.