Right. But my actual concern was not that a middleman is snooping, but the concern of giving the data to ididwork.com. Its not that data is not secure, but I think companies might be just simply paranoid(for no reason maybe). A hosted solution within thier control might be one of the solutions. Again, might be people are ok with that and its just my thought.
I think this is something that can be solved with trust and good customer service. Too many times people look to the technological solution because thats what they know. But people give sensitive information out all the time. If they trust you and know who you are and know you've got their back, they'll be more than willing to work with you.
Having the customer host a complex web application is likely going to be less secure then a hosted solution.
Consider the customer has to manage the code, applications that support the code (mysql, apache), manage the web server, and manage the physical security of the web server.
Absolutely, and corporations will never in a million years understand that, and they're willing to pay ten to twenty times as much for a "secure" internally-installed app (when you include the price of hardware, consultants, etc.)
