Only a complete idiot would trust either of you guys or anyone else for that matter with their active key. Why the fuck would any sane person give you the ability to withdraw funds from their account.
As far as I'm concerned, you're both scammers for even asking for people active keys.
Your concern is very real on one hand, but hypocritical and immature on the other hand. I have put my code on github, and it is public for all to see, and my tool also runs on github, straight from the repository, the same way steemit.com, esteem and busy.org and pretty much every other trustworthy app that is designed to interact with the blockchain works.
It's not immature at all. It's simply common sense. Would you hand some stranger on the Internet the private keys to your bitcoin wallets? Of course you wouldn't. Handing over your steem active key is no different. As for all those other apps which do the "same", none of them require your active key, just your posting key.
Are you telling me that steemit.com, busy.org and esteem don't ask for your active key to transfer money? How do you transfer money on these apps without your active key? You're not making any sense...
Well, for most people, steemit is how they created their account in the first place. It's their wallet and has all their keys. The apps you listed are created by highly respected and trusted members of this community (but I still wouldn't give them my active key). You are neither of those things.
Also, if you'd tried using busy.org, you'd notice it doesn't even ask you for your active key and you sign in with your posting key through SteemConnect. Chainbb uses you posting key as well and they even provide a warning not to use your active key.
How do you transfer money on those apps? I don't know as I don't use them and don't even know if you can. I do use esteem, but only for notifications as the app is too buggy and slow for me to use for anything else.
Just like I wouldn't give people my bitcoin private keys, I sure as hell ain't giving people my steem active key for the exact same reason.
You're not giving me your active key either. You're putting it in a form that is designed the same way steemit.com, busy.org and esteem are designed. If I wanted to steal your key, I wouldn't be an idiot to put my code on github for everyone to see.
Why not? We know know that most users are not going to check the code on github. I'm not going to waste my time checking that code either to see if what you're saying is true. Besides, what's even the point of this service you've created when I can do the exact same thing using steemit anyway?
Here's are the facts:
Not throwing around the private keys that control the funds in your wallets in cryptocurrency security 101.
Ask those who use the service. Doing it manually on steemit.com or busy.org or esteem is going to take you forever. You don't check the code for steemit either yet you trust your active key with it. That's the hypocrisy that I was talking about. I doubt you would understand the code anyway so obviously you wouldn't check it. The point that I was trying to make was that the trust behind apps like steemit comes from the code being visible to the public. You still don't seem to get it... Oh well!