Hello, I've sent a ticket three days ago but i haven't got any reply so that's why im writing this here.
I would like to know why you save the pin (to access the app) and the sync password (for SYNCbits) just as plain text in the database where anyone (at least with root) can access and read it (the database is not even encrypted). At least you could encrypt the password with MD5 or any kind of hash with salt.
I don't know if you save the bank log in credentials in the same way, I haven't paid for it so I couldn't try it.
Already been replied.