"who cares?"

In a lot of systems, screen "name" (such as "Edward Martin III" or "Edubya") are independent of login. Usually this is extra security. A person needs to know TWO pieces of information in order to have your login. This is better security. Better security is generally good and most folks understand that two-part security is a good thing. Me, personally, I like it that way, too.

Passwords are interesting things. I've often been amazed at how common many passwords are. For example, "secret". I know, everybody with a half-a-brain ought to know better than to use "secret" as a password, but (shrug), people do stupid things. People also use "god" or "jesus" or "gandalf" as passwords. Password-cracking programs know this. Hell, if the word can be found in a common spellchecker, it AUTOMATICALLY sucks as a password, because password cracking programs check basic dictionary words as well. They also check <KnownWord><SingleDigit> combinations, such as "Cracker9" or "2hot4love".

As far as I can tell from tribe.net's system, passwords don't have to be unique (I have not verified this). The only unique identifier is your login. Which just so happens to be an e-mail address. So, a method of phishing for e-mail (which is a bit obnoxious) becomes a method of phishing for login information (which is more serious).

You, personally, might not value it, but that makes it no less valuable to anyone else, and in the case of security, it's usually wisest to err on the side of MORE security (where convenience isn't compromised).

"I'm not storing my bank accounts here."

Then you certainly won't mind posting your login... ;)

I am concerned about security issues. What guarantee do we have that the imported contacts will not be sold?