Third party apps present a username and password field to log into a Lemmy instance. They can easily just steal your credentials. There are standard auth flows to solve this problem. The fact that Lemmy devs have willfully ignored this issue for years, and that they aren't warning users not to trust third party apps, lead me to believe they don't really care about security, which is the biggest red flag. There's finally an open github issue that seems to be acknowledged, but it'll be some time before this feature (if ever) ever gets implemented.
-Posted from a third-party app; yea, i gave them my password blindly.
Over a decade lurking on reddit; never posted. Just made a lemmy account. I don't need lemmy to be "the next big thing"... just need it to not be overrun by bots and astroturfing. Hopefully some of the smaller subs I visit move over.