but here is the only line you need to read when LinkedIn defends its security policies:
"In June 2012, LinkedIn suffered a security breach resulting in the loss of over 6.5 million encrypted passwords that could have allowed criminals to break into subscribers’ accounts."
Of course, in their defense, [the] company said all information transferred between servers was “fully encrypted” and that mail accounts are “not affected in any way.”
Please don't get me wrong here. I love LinkedIn. However, the marginal added benefit of showing connections is not worth the increased attack surface that Intro introduces to users. There is a better way to implement Intro, if LinkedIn commits to user privacy:
1. Let users opt in to a key-value store of their LinkedIn identities and their many email addresses verified with their LinkedIn account.
2. Create a public API that will allow mail clients to query such data, if a user opts in to receive such data.
This would be a win-win in that your mail does not have to flow through a third party (which we trust today but could be silently subverted tomorrow). This also strengthens LinkedIn's intelligence about who communicates with whom without placing it in the precarious position of having to open up its crown jewels to prosecutors when some sleazy House Representative sends illicit pictures of himself to prostitutes and says LinkedIn subverted his email and sent emails pretending to be him (you know just how bad things have got in politics on either side).
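A sketch of the two-step design proposed above, added here as an illustration and not LinkedIn's code or any real API: `OptInDirectory`, `sender_profile`, the profile fields and the sample message are all hypothetical. The mail client parses the message locally and sends only the sender's address to the lookup service, which records every query it receives so the exposure can be checked.

```python
from email import message_from_string
from email.utils import parseaddr

class OptInDirectory:
    """Hypothetical server-side key-value store: verified email -> profile."""
    def __init__(self):
        self._by_email = {}
        self._opted_in = set()
        self.queries = []  # everything the service ever sees from clients

    def register(self, profile_id, name, verified_emails, opted_in):
        # One identity may own many verified addresses (step 1).
        for addr in verified_emails:
            self._by_email[addr.lower()] = {"id": profile_id, "name": name}
        if opted_in:
            self._opted_in.add(profile_id)

    def lookup(self, email_addr):
        key = email_addr.strip().lower()
        self.queries.append(key)
        profile = self._by_email.get(key)
        # Unknown and not-opted-in addresses get the same answer, so the
        # API does not reveal who has an account but declined to be listed.
        if profile is None or profile["id"] not in self._opted_in:
            return None
        return dict(profile)

def sender_profile(raw_message, directory, client_opted_in=True):
    """Client side (step 2): parse locally, query with the address only."""
    if not client_opted_in:
        return None  # a user who has not opted in never contacts the service
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return directory.lookup(addr) if addr else None

# Constructed sample message; the body stays on the client.
RAW = (
    "From: Alice Example <Alice@Example.com>\n"
    "To: bob@example.org\n"
    "Subject: Q3 numbers\n"
    "\n"
    "Confidential body text that never leaves the mail client.\n"
)

if __name__ == "__main__":
    d = OptInDirectory()
    d.register("p1", "Alice Example", ["alice@example.com"], opted_in=True)
    print(sender_profile(RAW, d), d.queries)
```

The service still learns which sender addresses a client looks up, which is the "who communicates with whom" signal the post mentions; the message content and credentials are what stay out of its reach.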
Dear LinkedIn, I love you dearly. Please do the right thing. Lots of love, On