The API of QRZ allow and even promote the insecure transmission of passwords and api keys. The password allows full access to your QRZ account while the api allows full access to your QSO log including modification and deletions. Whenever you enter your QRZ password or api key into a third party program you don't know whether the program uses encrypted or plain text communication. The QRZ.com administration decided not to fix this security issue in order to continue to support third party applications that send passwords and api keys in plain text. Even new programs are still being created that are insecure. Thus security is not guaranteed. BTW, HamQTH and eQSL aren't any better since they have the same security issues. Think twice if you enter your QRZ password or api keys somewhere.