You are correct, It's all about how we keep our login details of wallets & protect from phishing sites. But How if we create a wallet of an ICO project, it is needed as a requirement to join a bounty program, then they ask to indicate the "log in" to process our rewards. Is it really secure for a participant?