I assume there wouldn't be much of a problem if the api is only used client-side, eg the api key never actually leaves your device, but from the above article I'm sorta making up that that is not the case?
If they do not keep the api key client-side only or if you have to ask/wonder (if it's not opensourced), Like I currently do, it's probably a bad idea.
There's 0 accountability on their part if something goes wrong, and you'll never be able to prove it was them who stole your coins either.
Actually a pretty smart business model if you have little to no morals. Bit offtopic: I don't see how blockfolio makes money? Ads?
Given what you now know about APIs, you’ll hopefully feel more empowered to make an informed decision about whether to offer your Exchange API Keys to Blockfolio in return for wallet exchange integration in Blockfolio 2.2. With that said, Blockfolio is firmly committed to the protection, security, and privacy of all its user data. As a principle, we believe if you already trust your favorite crypto Exchange and your favorite portfolio tracking app (Blockfolio, of course!) with your data and information, then offering your Exchange API keys for real-time exchange integration is an extremely low risk / high reward proposition. For a discussion of further exchange integration benefits, head over here.
Seriously, what the hell? Why can't they just clearly say whether or not the api key is stored client-side only.