Never submit your app's username and password to a third-party. Be careful the information you passed to a third-party managing your other third-party information. For example, there are tons of social media managing app and it is best to avoid them. Of course you can try to decompile the code but if they do stuff on their server to access your data for you for convince, who knows what they are logging?