I've been developing SteemConnect2 tool and I can confirm that WIF or password never leave user browser. Password is directly turned to WIF and just used a single time to create a signature for broadcast an operation. The code is open source and can be reviewed here: https://github.com/adcpm/sc2. At the current stage it still require you to trust Busy team and that our server not get corrupted. We are working with Steemit inc to address these concerns with code reviews and official hosting.