When passwords are changed on Leancy, they are sent in clear, plain text over email in confirmation. That's a security breach, especially considering Leancy deals with people's money.
As I addressed the issue with Leancy's support, I was told the following:
You can publish your accounts username and password anywhere - no one can change your accounts details (including your password and Bitcoin address) unless the attacker have the access to your email address.
I see no threats for you here.
I really don't think that's a good answer. Do you feel safe enough with that answer? Please ask them to change that policy so that our emails won't compromise our money. Maybe with enough people asking, they will change their tune and fix this!
thanks!