I've used Yodlee for over 4 years with no problems, but I suppose there is always a possibility. I think they claim that there is no way that any of their employees can get access to passwords, etc. and I think they have some sort of insurance to back you up if there were to be a problem...read their terms and conditions for these type of details.

If you're extremely concerned, I suppose you could just store info on Frequent Flyer accounts and not use them for your financial accounts. That would limit your exposure.

When you use it through citibank, I think your data just goes straight into Yodlee's computers, so citibank doesn't really ever see it. Since their name is on the product though, I suppose it's one more party you could sue if there ever were a problem.