I wish that Google would release an appliance (like their Google search appliance) that I could host in my work network. That would transfer most access risks to within the company network.

Maybe, but I’m not sure it’for everyone….

The fundamental issue is that you are re-downloading the software each time you go to the page, and it is difficult to know if the software has been corrupted. If the site were ever hacked, hostile code could be inserted to capture the passwords of every single user. This would be much safer if is used a signed application binary which then lived locally on your computer all the time. A non-technical risk is that I have no idea who these people are or what kind of history they have that should lead me to trust them. This could simply be a scam for all I know (and lets be clear, I neither know nor suspect any such thing).

It looks like they have done some good thinking and hard work on this project. I would certainly not want to imply that it is insecure. The question is always “secure for what purpose?”
In this case, I would consider using it for personal (sensitive but low security) applications, but I would not put my life in its hands.

“this vulnerability is not specific to Google, it applies generally to any provider of cloud computing capabilities. I personally avoid cloud computing when I can because I have high security needs”.

Please have a look at http://www.threetags.com

The site claims to be very secure. What do you think of it?

Antrek