If this is in any way connected to the vulnerability which was publicly discussed last week then Instawallet needs to explain why they didn't take the service offline until that vulnerability was fixed.  The password clue for their own wallet was made public, for fuck's sake.  .