Look at the way the JSON response from their API is formatted.
https://api.tradehill.com/API/USD/Tradeshttps://api.tradehill.com/API/USD/OrderbookHow it is (notice the " around values):
{"date": "1308278023", "tid": "4667", "price": "17.20010000", "amount": "10.00000000"}
How it should be (notice the lack of " around values):
{"date": 1308278023, "tid": 4667, "price": 17.20010000, "amount": 10.00000000}
A senior level programmer would not make this trivial mistake. You do not send numbers out as strings. My firm wouldn't even hire for junior level the people who designed such a thing. The other exchanges at least format these responses correctly. And they still got hacked due to other vulnerabilities. How can I trust the security of a site dealing with money, when they can't get basic stuff like JSON right?
I noticed this since I started logging their prices (for historical purposes), but I feel compelled to point it out now since there is lot of talk about how "professional" they are and due to the attack people started searching for Mt Gox alternatives.
What I would like to see is for TradeHill to post pictures of their faces, their offices, their infrastructure, each one of them including the secure timestamp from a Financial Times copy.Cryptographic secure timestamp:
http://upload.wikimedia.org/wikipedia/en/6/6c/Guardtime_timestamping_newspaper_publication.png