What’s to stop a dastardly developer from sniffing out users’ passwords during the login process or, once the login has been authenticated, from misappropriating the cookie or other security token that has been issued? What’s to stop a malicious programmer from capturing every email message passing through the application and using it for other purposes?

Oddly enough, when I think of those who could profit from creating a new interface and passing all of a Yahoo! user’s email through its systems for parsing and manipulation, first in line is Yahoo!’s archrival, Google.

Google has promised users of its Gmail service that, through the wonders of sifting through your email box with its supercharged content sniffers, it will be able to serve advertisements based on the content of your email messages. By using the API process, could Gmail create an interface for users to import their mail from Yahoo! and further erode its rival’s advertising reach?

Just think: One day Gmail might also be able to deliver Yahoo! users a nagging email from their spouse, along with advertisements for divorce lawyers, discounts for dating services, and a sale price on the autobiography of Lorena Bobbitt – half-off, of course.

This is less a security problem than a business problem – but it’s one that I think about when trying to decide when to start short-selling Yahoo! stock.

For me, the biggest problem with ill-conceived “Web 2.0 compliance” is that it’s making it even harder to teach users how to protect themselves.

Just as we are getting users trained to be more suspicious of folks who ask them to log in via seemingly legitimate interfaces, systems like Meebo and the Yahoo! Mail API work to add further confusion as to what a “legitimate” login screen can look like.

Some of today’s Web 2.0 concepts are absolutely amazing and are changing the face of the Internet for the better. But in the rush to ride this new wave, too many companies are blinded by coolness and forget the fundamentals.

I only hope that more of today’s Web 2.0 entrepreneurs will go back and spend some time with Privacy and Security 101, before their users – and their exciting ideas – get burned.