what are the security implications if all your user names and passwords are being captured and sent to god knows who?
Funny you should mention banks... I was having big fun with one earlier this week. The accountant paged me because he'd had trouble logging into the banks website, and their support "tech" was wanting him to modify (read butcher) the browser security settings. Now the page came at one of those times where I was dancing on the edge of my interruptions limit, which set the stage nicely for a bit of a perfect storm. You see, while I'm obligated to be "kind" to clients and coworkers ... Brain dead script reading support drones are basically open season. And I was in just the right mood.
So when the drone starts trying to walk me through allowing any & all cookies from the bank, which has absolutely no reason to be using 3rd party cookies ... I snapped, and went after them with a vengeance. I am notoriously soft spoken IRL. But for once the entire office had absolutely no problem what-so-ever hearing me. At all. The customer service manager was laughing so hard she could hardly breath, and the accountant was speechless.
We got kicked up to an engineer, that thankfully didn't ask any stupid questions because he was bright enough to realize that an error message that clearly states that "your account password was correct but invalidated due to over use", meant that the problem was (Captain) Obviously on their end. That and the intermittent system wide outage they'd been dealing with all morning (he admitted to it) helped to make the necessary fix (on their end) much clearer (to a sentient being...).
So apparently the banks don't actually care much about (your) security...unless they happen to be on TV.