This sent a chill down my spine. For services like Yahoo!, AOL, and Google, the username and password for your IM service also gives access to your email, your public and private photo albums, your calendar, your address book, and in some cases your billing information and other personal data. This is not information that anyone should hand over very easily.

Knowing full well that most consumers aren’t as jaded and suspicious as me, I took a quick spin through Meebo’s About Us section of their website and learned that if I signed up, the keys to my online realm would be under the care of people like “Biz Guy,” Mr. Sparkle, an Abraham Lincoln re-enactor, and someone called “Server Chick,” who “just quit her day job.”

The site also provided a link for something called “privacy principles,” which stated that while the company is very committed to security, “we’re not all the way there yet.”

Ironically, those candid revelations make Meebo among the most honest and forthright of all the Web 2.0 start-ups regarding the risks arising from such experiments in openness and wide-eyed trust.

Looming Disaster

While start-ups like Meebo are busily creating new possibilities for privacy and security disasters, the established Internet companies are also rushing headlong into their own potential problems. Among them is the current front-runner for my “Greatest Looming Web 2.0 Disaster Award”: the new API for the Yahoo! Mail service.

Earlier this month, Yahoo! announced that they were opening up their mail system to third-party developers who want to create applications that incorporate access to users’ Yahoo! email accounts. By utilizing the API, which reportedly includes an updated user login and authentication process, any developer can add the ability for users to send and receive email messages via their existing Yahoo! Mail account from within that developer’s proprietary application.

The idea is to make it easier for the Web 2.0 development community to integrate Yahoo! Mail into various new and interesting experiences, allowing Yahoo! to be more deeply embedded in the Internet of tomorrow.

But in my mind, the benefits of opening up the system are outweighed by the potential to create even more sophisticated kinds of “man in the middle” hacker attacks and new twists on the growing epidemic of “phishing.”

Phishing is the process by which hackers trick users into providing their usernames and passwords by creating sham versions of websites that masquerade as legitimate. Phishing works because most users aren’t very skeptical or discriminating when they are asked to log into their email, online banking account, eBay or PayPal account, or other online service.

Even if there is a way to secure the login process and to make it less susceptible to being replicated by phishers, there’s still the matter of ill-intentioned application developers.