I try to be as careful as possible. For example, with the bckstgr thing the other day for 1,000 UA miles, I changed my UA password, then signed up and linked my fake Facebook/Twitter/Foursquare accounts, then changed my UA password back. So bckstrg only had a temp password for UA and only for a short period.

In the case of sites like awardwallet, I give up some security for lots of convenience.