Here's another one:

- using a third party tool to read and store credentials is an attack vector itself.